CVE-2018-12591: OS Command Injection
First published: Wed Jun 20 2018(Updated: )
Ubiquiti Networks EdgeSwitch version 1.7.3 and prior suffer from an improperly neutralized element in an OS command due to lack of protection on the admin CLI, leading to code execution and privilege escalation greater than administrators themselves are allowed. An attacker with access to an admin account could escape the restricted CLI and execute arbitrary shell instructions.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Ubnt Edgeswitch Firmware | <=1.7.3 | |
| Ubnt Edgeswitch |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this Ubiquiti Networks EdgeSwitch vulnerability?
The vulnerability ID for this Ubiquiti Networks EdgeSwitch vulnerability is CVE-2018-12591.
What is the severity of CVE-2018-12591?
The severity of CVE-2018-12591 is critical with a score of 7.2.
What is the affected software version for CVE-2018-12591?
The affected software version for CVE-2018-12591 is Ubiquiti Networks EdgeSwitch version 1.7.3 and prior.
How does CVE-2018-12591 vulnerability occur?
CVE-2018-12591 vulnerability occurs due to an improperly neutralized element in an OS command on the admin CLI.
Are there any known fixes for CVE-2018-12591?
There may be a fix available for CVE-2018-12591, it is recommended to check the official vendor's website or contact their support for further information.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/last-modified-date
- agent/author
- agent/severity
- agent/tags
- agent/references
- agent/description
- agent/event
- agent/source
- vendor/ubnt
- canonical/ubnt edgeswitch firmware
- version/ubnt edgeswitch firmware/1.7.3
- canonical/ubnt edgeswitch