CVE-2019-5426

Published: Apr 10, 2019Modified: Nov 21, 2024

4.8

Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

Exploitability: 2.2 / Impact: 2.5

Source: NVD

Description

In Ubiquiti Networks EdgeSwitch X v1.1.0 and prior, an unauthenticated user can use the "local port forwarding" and "dynamic port forwarding" (SOCKS proxy) functionalities. Remote attackers without credentials can exploit this bug to access local services or forward traffic through the device if SSH is enabled in the system settings.

Affected (1)

Products: Ui: Edgeswitch X

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Ui Edgeswitch X	Up to 1.1.0

Related CWEs

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (4)

https://community.ubnt.com/t5/EdgeMAX-Updates-Blog/EdgeMAX-EdgeSwitch-X-software-release-v1-1-1/ba-p/2731137

Source: support@hackerone.com

PatchVendor Advisory

https://hackerone.com/reports/512958

Source: support@hackerone.com

Third Party Advisory

https://community.ubnt.com/t5/EdgeMAX-Updates-Blog/EdgeMAX-EdgeSwitch-X-software-release-v1-1-1/ba-p/2731137

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

https://hackerone.com/reports/512958

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.