CVE-2017-0935
First published: Wed Sep 06 2017(Updated: )
Ubiquiti Networks EdgeOS version 1.9.1.1 and prior suffer from an Improper Privilege Management vulnerability due to the lack of protection of the file system leading to sensitive information being exposed. An attacker with access to an operator (read-only) account could escalate privileges to admin (root) access in the system.
Credit: support@hackerone.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Ui Edgeos | <=1.9.1.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID of this vulnerability?
The vulnerability ID is CVE-2017-0935.
What is the severity of CVE-2017-0935?
The severity of CVE-2017-0935 is critical with a severity value of 8.8.
What software versions are affected by CVE-2017-0935?
Ubiquiti Networks EdgeOS version 1.9.1.1 and prior are affected by CVE-2017-0935.
How does CVE-2017-0935 exploit the vulnerability?
CVE-2017-0935 exploits an Improper Privilege Management vulnerability due to the lack of protection of the file system, allowing sensitive information to be exposed.
How can an attacker escalate privileges to admin using CVE-2017-0935?
An attacker with access to an operator (read-only) account can escalate privileges to admin using CVE-2017-0935.
- collector/nvd-index
- agent/severity
- agent/author
- agent/references
- agent/type
- agent/event
- agent/weakness
- agent/description
- agent/softwarecombine
- agent/first-publish-date
- agent/remedy
- agent/tags
- agent/last-modified-date
- collector/mitre-cve
- source/MITRE
- vendor/ui
- canonical/ui edgeos
- version/ui edgeos/1.9.1.1