CVE-2017-0913
First published: Tue Jul 03 2018(Updated: )
Ubiquiti UCRM versions 2.3.0 to 2.7.7 allow an authenticated user to read arbitrary files in the local file system. Note that by default, the local file system is isolated in a docker container. Successful exploitation requires valid credentials to an account with "Edit" access to "System Customization".
Credit: support@hackerone.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Ubnt Ucrm | >=2.3.0<=2.7.7 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID of this Ubiquiti UCRM vulnerability?
The vulnerability ID of this Ubiquiti UCRM vulnerability is CVE-2017-0913.
What is the severity of CVE-2017-0913?
The severity of CVE-2017-0913 is medium with a CVSS score of 4.7.
Which version of Ubiquiti UCRM is affected by CVE-2017-0913?
Ubiquiti UCRM versions 2.3.0 to 2.7.7 are affected by CVE-2017-0913.
What can an authenticated user do in exploit CVE-2017-0913?
An authenticated user can read arbitrary files in the local file system.
What are the required conditions for successful exploitation of CVE-2017-0913?
Successful exploitation of CVE-2017-0913 requires valid credentials to an account with "Edit" access to "System Customizat…
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- agent/weakness
- agent/severity
- agent/author
- agent/tags
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- vendor/ubnt
- canonical/ubnt ucrm
- version/ubnt ucrm/2.3.0
- version/ubnt ucrm/2.7.7