CVE-2019-5426Improper Authentication in Edgeswitch X

CWE-287Improper Authentication3 documents3 sources
Severity
4.8MEDIUMNVD
EPSS
0.4%
top 38.00%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
UI Edgeswitch XUbiquiti Networks Edgemax
Timeline
PublishedApr 10
Latest updateMay 13

Description

In Ubiquiti Networks EdgeSwitch X v1.1.0 and prior, an unauthenticated user can use the "local port forwarding" and "dynamic port forwarding" (SOCKS proxy) functionalities. Remote attackers without credentials can exploit this bug to access local services or forward traffic through the device if SSH is enabled in the system settings.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:NExploitability: 2.2 | Impact: 2.5

Affected Packages2 packages

CVEListV5ubiquiti_networks/edgemaxEdgeSwitch X prior to v1.1.1
NVDui/edgeswitch_x1.1.0

Patches

Patch: community.ubnt.comPatch: community.ubnt.com

🔴Vulnerability Details

2
GHSA
GHSA-x3jj-59g5-58r2: In Ubiquiti Networks EdgeSwitch X v12022-05-13
CVEList
CVE-2019-5426: In Ubiquiti Networks EdgeSwitch X v12019-04-10
CVE-2019-5426 — Improper Authentication in Edgeswitch X | cvebase