ID

VAR-201712-0026


CVE

CVE-2016-6914


TITLE

Ubiquiti UniFi Video Permissions vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2016-008875

DESCRIPTION

Ubiquiti UniFi Video before 3.8.0 for Windows uses weak permissions for the installation directory, which allows local users to gain SYSTEM privileges via a Trojan horse taskkill.exe file. Ubiquiti UniFi Video contains a permissions vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Ubiquiti UniFi Video is a network camera product from Ubiquiti Networks of the United States. A local privilege escalation vulnerability exists in Ubiquiti UniFi Video. A local attacker could exploit this vulnerability to execute arbitrary code with elevated privileges. The vulnerability affects Ubiquiti UniFi Video versions earlier than 3.8.0 on the Windows platform and is caused by the program assigning weak permissions to the installation path.

Trust: 2.52

sources: NVD: CVE-2016-6914 // JVNDB: JVNDB-2016-008875 // CNVD: CNVD-2017-38520 // BID: 102278 // VULHUB: VHN-95734

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-38520

AFFECTED PRODUCTS

vendor: ui, model: unifi video, scope: lt, version: 3.8.0

Trust: 1.0

vendor: ubiquiti, model: unifi video, scope: lt, version: 3.8.0

Trust: 0.8

vendor: ubiquiti, model: unifi video, scope: eq, version: 3.7.3

Trust: 0.6

vendor: ubiquiti, model: unifi video, scope: eq, version: 3.7.0

Trust: 0.6

vendor: ubiquiti, model: unifi video, scope: eq, version: 3.7.2

Trust: 0.6

vendor: ubnt, model: unifi video, scope: eq, version: 3.0.1

Trust: 0.6

vendor: ubnt, model: unifi video, scope: eq, version: 2.1.3

Trust: 0.6

vendor: ubiquiti, model: networks unifi, scope: eq, version: 3.7.3

Trust: 0.3

vendor: ubiquiti, model: networks unifi, scope: eq, version: 3.7

Trust: 0.3

vendor: ubiquiti, model: networks unifi, scope: eq, version: 3.2.2

Trust: 0.3

vendor: ubiquiti, model: networks unifi, scope: eq, version: 3.2.1

Trust: 0.3

vendor: ubiquiti, model: networks unifi, scope: ne, version: 3.8

Trust: 0.3

sources: CNVD: CNVD-2017-38520 // BID: 102278 // JVNDB: JVNDB-2016-008875 // CNNVD: CNNVD-201712-935 // NVD: CVE-2016-6914

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-6914
value: HIGH

Trust: 1.0

NVD: CVE-2016-6914
value: HIGH

Trust: 0.8

CNVD: CNVD-2017-38520
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201712-935
value: HIGH

Trust: 0.6

VULHUB: VHN-95734
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2016-6914
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-38520
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-95734
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-6914
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2016-6914
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2017-38520 // VULHUB: VHN-95734 // JVNDB: JVNDB-2016-008875 // CNNVD: CNNVD-201712-935 // NVD: CVE-2016-6914

PROBLEMTYPE DATA

problemtype: CWE-276

Trust: 1.0

problemtype: CWE-275

Trust: 0.9

sources: VULHUB: VHN-95734 // JVNDB: JVNDB-2016-008875 // NVD: CVE-2016-6914

THREAT TYPE

local

Trust: 0.9

sources: BID: 102278 // CNNVD: CNNVD-201712-935

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201712-935

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-008875

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-95734

PATCH

title: Top Page, url: https://www.ubnt.com/

Trust: 0.8

title: Ubiquiti UniFi Video Local Privilege Escalation Vulnerability Patch, url: https://www.cnvd.org.cn/patchInfo/show/111987

Trust: 0.6

title: Ubiquiti UniFi Video for Windows Fixes for permissions and access control vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=77344

Trust: 0.6

sources: CNVD: CNVD-2017-38520 // JVNDB: JVNDB-2016-008875 // CNNVD: CNNVD-201712-935

EXTERNAL IDS

db: NVD, id: CVE-2016-6914

Trust: 3.4

db: BID, id: 102278

Trust: 2.6

db: PACKETSTORM, id: 145533

Trust: 2.5

db: EXPLOIT-DB, id: 43390

Trust: 1.7

db: HACKERONE, id: 140793

Trust: 1.7

db: JVNDB, id: JVNDB-2016-008875

Trust: 0.8

db: CNNVD, id: CNNVD-201712-935

Trust: 0.7

db: CNVD, id: CNVD-2017-38520

Trust: 0.6

db: VULHUB, id: VHN-95734

Trust: 0.1

sources: CNVD: CNVD-2017-38520 // VULHUB: VHN-95734 // BID: 102278 // JVNDB: JVNDB-2016-008875 // CNNVD: CNNVD-201712-935 // NVD: CVE-2016-6914

REFERENCES

url: http://seclists.org/fulldisclosure/2017/dec/83

Trust: 2.6

url: http://packetstormsecurity.com/files/145533/ubiquiti-unifi-video-3.7.3-windows-local-privilege-escalation.html

Trust: 2.5

url: http://www.securityfocus.com/bid/102278

Trust: 2.3

url: https://www.exploit-db.com/exploits/43390/

Trust: 1.7

url: https://hackerone.com/reports/140793

Trust: 1.7

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-6914

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2016-6914

Trust: 0.8

url: https://www.ubnt.com

Trust: 0.3

sources: CNVD: CNVD-2017-38520 // VULHUB: VHN-95734 // BID: 102278 // JVNDB: JVNDB-2016-008875 // CNNVD: CNNVD-201712-935 // NVD: CVE-2016-6914

CREDITS

Julien Ahrens from RCE Security.

Trust: 0.9

sources: BID: 102278 // CNNVD: CNNVD-201712-935

SOURCES

db: CNVD, id: CNVD-2017-38520
db: VULHUB, id: VHN-95734
db: BID, id: 102278
db: JVNDB, id: JVNDB-2016-008875
db: CNNVD, id: CNNVD-201712-935
db: NVD, id: CVE-2016-6914

LAST UPDATE DATE

2025-04-20T23:36:44.563000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2017-38520, date: 2017-12-29T00:00:00
db: VULHUB, id: VHN-95734, date: 2018-01-10T00:00:00
db: BID, id: 102278, date: 2017-12-22T00:00:00
db: JVNDB, id: JVNDB-2016-008875, date: 2018-01-25T00:00:00
db: CNNVD, id: CNNVD-201712-935, date: 2021-09-14T00:00:00
db: NVD, id: CVE-2016-6914, date: 2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2017-38520, date: 2017-12-29T00:00:00
db: VULHUB, id: VHN-95734, date: 2017-12-27T00:00:00
db: BID, id: 102278, date: 2017-12-22T00:00:00
db: JVNDB, id: JVNDB-2016-008875, date: 2018-01-25T00:00:00
db: CNNVD, id: CNNVD-201712-935, date: 2017-12-27T00:00:00
db: NVD, id: CVE-2016-6914, date: 2017-12-27T17:29:00.230