CVE-2018-12590
First published: Wed Jun 20 2018(Updated: )
Ubiquiti Networks EdgeSwitch version 1.7.3 and prior suffer from an externally controlled format-string vulnerability due to lack of protection on the admin CLI, leading to code execution and privilege escalation greater than administrators themselves are allowed. An attacker with access to an admin account could escape the restricted CLI and execute arbitrary code.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Ui Edgeswitch Firmware | <=1.7.3 | |
| Ui Edgeswitch |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2018-12590?
CVE-2018-12590 refers to a format-string vulnerability in Ubiquiti Networks EdgeSwitch version 1.7.3 and prior.
How severe is CVE-2018-12590?
CVE-2018-12590 has a severity rating of 7.2, which is considered critical.
What is the affected software for CVE-2018-12590?
The affected software for CVE-2018-12590 is Ubiquiti Networks EdgeSwitch version 1.7.3 and prior.
What is the impact of CVE-2018-12590?
CVE-2018-12590 allows an attacker with access to the admin CLI to execute arbitrary code and escalate privileges.
Is there a fix available for CVE-2018-12590?
It is recommended to update Ubiquiti Networks EdgeSwitch to a version higher than 1.7.3 to mitigate CVE-2018-12590.
- collector/nvd-index
- agent/weakness
- agent/type
- agent/severity
- agent/references
- agent/author
- agent/description
- agent/event
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/ui
- canonical/ui edgeswitch firmware
- version/ui edgeswitch firmware/1.7.3
- canonical/ui edgeswitch