CVE-2020-24755

Published: May 17, 2021Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

In Ubiquiti UniFi Video v3.10.13, when the executable starts, its first library validation is in the current directory. This allows the impersonation and modification of the library to execute code on the system. This was tested in (Windows 7 x64/Windows 10 x64).

Affected (1)

Products: Ui: Unifi Video

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Ui Unifi Video	Version 3.10.13

Related CWEs

Uncontrolled Search Path Element

The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.

References (2)

https://www.youtube.com/watch?v=T41h4yeh9dk

Source: cve@mitre.org

ExploitThird Party Advisory

https://www.youtube.com/watch?v=T41h4yeh9dk

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.