CVE-2019-16889
First published: Wed Sep 25 2019(Updated: )
Ubiquiti EdgeMAX devices before 2.0.3 allow remote attackers to cause a denial of service (disk consumption) because *.cache files in /var/run/beaker/container_file/ are created when providing a valid length payload of 249 characters or fewer to the beaker.session.id cookie in a GET header. The attacker can use a long series of unique session IDs.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Ui Er-x Firmware | <2.0.3 | |
| Ui Er-x | ||
| Ui Er-x-sfp Firmware | <2.0.3 | |
| Ui Er-x-sfp | ||
| Ui Ep-r6 Firmware | <2.0.3 | |
| Ui Ep-r6 | ||
| Ui Erlite-3 Firmware | <2.0.3 | |
| Ui Erlite-3 | ||
| Ui Erpoe-5 Firmware | <2.0.3 | |
| Ui Erpoe-5 | ||
| Ui Er-8 Firmware | <2.0.3 | |
| Ui Er-8 | ||
| Ui Erpro-8 Firmware | <2.0.3 | |
| Ui Erpro-8 | ||
| Ui Ep-r8 Firmware | <2.0.3 | |
| Ui Ep-r8 | ||
| Ui Er-4 Firmware | <2.0.3 | |
| Ui Er-4 | ||
| Ui Er-6p Firmware | <2.0.3 | |
| Ui Er-6p | ||
| Ui Er-12 Firmware | <2.0.3 | |
| Ui Er-12 | ||
| Ui Er-8-xg Firmware | <2.0.3 | |
| Ui Er-8-xg |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2019-16889?
CVE-2019-16889 is a vulnerability that allows remote attackers to cause a denial of service (disk consumption) on Ubiquiti EdgeMAX devices before version 2.0.3.
How do I determine if my Ubiquiti EdgeMAX device is affected?
You can check if your Ubiquiti EdgeMAX device is affected by verifying the firmware version. If it is before version 2.0.3, it is vulnerable.
What is the severity of CVE-2019-16889?
CVE-2019-16889 has a severity score of 7.5 (High).
How can I fix CVE-2019-16889?
To fix CVE-2019-16889, you need to update the firmware of your Ubiquiti EdgeMAX device to version 2.0.3 or later.
Where can I find more information about CVE-2019-16889?
You can find more information about CVE-2019-16889 at the following references: [link1], [link2], [link3].
- collector/nvd-index
- agent/references
- agent/severity
- agent/author
- agent/type
- agent/weakness
- agent/event
- agent/description
- agent/remedy
- agent/softwarecombine
- agent/last-modified-date
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/ui
- canonical/ui er-x firmware
- canonical/ui er-x
- canonical/ui er-x-sfp firmware
- canonical/ui er-x-sfp
- canonical/ui ep-r6 firmware
- canonical/ui ep-r6
- canonical/ui erlite-3 firmware
- canonical/ui erlite-3
- canonical/ui erpoe-5 firmware
- canonical/ui erpoe-5
- canonical/ui er-8 firmware
- canonical/ui er-8
- canonical/ui erpro-8 firmware
- canonical/ui erpro-8
- canonical/ui ep-r8 firmware
- canonical/ui ep-r8
- canonical/ui er-4 firmware
- canonical/ui er-4
- canonical/ui er-6p firmware
- canonical/ui er-6p
- canonical/ui er-12 firmware
- canonical/ui er-12
- canonical/ui er-8-xg firmware
- canonical/ui er-8-xg