CVE-2017-0934
First published: Mon May 01 2017(Updated: )
Ubiquiti Networks EdgeOS version 1.9.1 and prior suffer from an Improper Privilege Management vulnerability due to the lack of protection of the file system leading to sensitive information being exposed. An attacker with access to an operator (read-only) account could escalate privileges to admin (root) access in the system.
Credit: support@hackerone.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Ubnt Edgeos | <=1.9.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2017-0934?
CVE-2017-0934 is a vulnerability in Ubiquiti Networks EdgeOS version 1.9.1 and prior that allows an attacker with access to an operator account to escalate privileges to admin and gain sensitive information.
How severe is CVE-2017-0934?
CVE-2017-0934 has a severity score of 8.8 (critical) according to the CVSS (Common Vulnerability Scoring System).
How does CVE-2017-0934 occur?
CVE-2017-0934 occurs due to improper privilege management and the lack of protection of the file system in Ubiquiti Networks EdgeOS version 1.9.1 and prior.
What is the affected software and version for CVE-2017-0934?
The affected software is Ubiquiti Networks EdgeOS version 1.9.1 and prior.
How can I fix CVE-2017-0934?
To fix CVE-2017-0934, upgrade to a version of Ubiquiti Networks EdgeOS that is higher than 1.9.1.
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/last-modified-date
- agent/severity
- agent/remedy
- agent/author
- agent/tags
- agent/first-publish-date
- agent/event
- agent/description
- agent/source
- vendor/ubnt
- canonical/ubnt edgeos
- version/ubnt edgeos/1.9.1