ID

VAR-201904-0151


CVE

CVE-2019-5424


TITLE

Ubiquiti Networks EdgeSwitch X command injection vulnerability

Trust: 1.4

sources: CNVD: CNVD-2019-39180 // JVNDB: JVNDB-2019-003377

DESCRIPTION

In Ubiquiti Networks EdgeSwitch X v1.1.0 and prior, a privileged user can execute arbitrary shell commands over the SSH CLI interface. This allows the user to execute shell commands as the root user. Ubiquiti Networks EdgeSwitch X contains a command injection vulnerability. Information may be obtained, information may be altered, and service operation may be disrupted (DoS). Ubiquiti Networks EdgeSwitch is a Gigabit network switch device from Ubiquiti Networks. A command injection vulnerability exists in Ubiquiti Networks EdgeSwitch X 1.1.0 and earlier. The vulnerability stems from the network system or product failing to properly filter special elements when constructing executable commands from external input data. An attacker could use this vulnerability to execute an illegal command.

Trust: 2.25

sources: NVD: CVE-2019-5424 // JVNDB: JVNDB-2019-003377 // CNVD: CNVD-2019-39180 // VULHUB: VHN-156859

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-39180

AFFECTED PRODUCTS

vendor: ui, model: edgeswitch x, scope: lte, version: 1.1.0

Trust: 1.0

vendor: ubiquiti, model: edgeswitch x, scope: lte, version: 1.1.0

Trust: 0.8

vendor: ubiquiti, model: networks edgeswitch, scope: lte, version: <=1.1.0

Trust: 0.6

sources: CNVD: CNVD-2019-39180 // JVNDB: JVNDB-2019-003377 // NVD: CVE-2019-5424

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-5424
value: HIGH

Trust: 1.0

NVD: CVE-2019-5424
value: HIGH

Trust: 0.8

CNVD: CNVD-2019-39180
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201904-535
value: HIGH

Trust: 0.6

VULHUB: VHN-156859
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-5424
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-39180
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-156859
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-5424
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2019-5424
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2019-39180 // VULHUB: VHN-156859 // JVNDB: JVNDB-2019-003377 // CNNVD: CNNVD-201904-535 // NVD: CVE-2019-5424

PROBLEMTYPE DATA

problemtype: CWE-77

Trust: 1.9

problemtype: CWE-78

Trust: 1.1

sources: VULHUB: VHN-156859 // JVNDB: JVNDB-2019-003377 // NVD: CVE-2019-5424

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201904-535

TYPE

operating system command injection

Trust: 0.6

sources: CNNVD: CNNVD-201904-535

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-003377

PATCH

title: EdgeMAX EdgeSwitch X software release v1.1.1, url: https://community.ubnt.com/t5/EdgeMAX-Updates-Blog/EdgeMAX-EdgeSwitch-X-software-release-v1-1-1/ba-p/2731137

Trust: 0.8

title: Patch for Ubiquiti Networks EdgeSwitch X command injection vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/188645

Trust: 0.6

title: Ubiquiti Networks EdgeSwitch Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=91350

Trust: 0.6

sources: CNVD: CNVD-2019-39180 // JVNDB: JVNDB-2019-003377 // CNNVD: CNNVD-201904-535

EXTERNAL IDS

db: NVD, id: CVE-2019-5424

Trust: 3.1

db: HACKERONE, id: 508256

Trust: 1.7

db: JVNDB, id: JVNDB-2019-003377

Trust: 0.8

db: CNNVD, id: CNNVD-201904-535

Trust: 0.7

db: CNVD, id: CNVD-2019-39180

Trust: 0.6

db: VULHUB, id: VHN-156859

Trust: 0.1

sources: CNVD: CNVD-2019-39180 // VULHUB: VHN-156859 // JVNDB: JVNDB-2019-003377 // CNNVD: CNNVD-201904-535 // NVD: CVE-2019-5424

REFERENCES

url: https://nvd.nist.gov/vuln/detail/cve-2019-5424

Trust: 2.0

url: https://community.ubnt.com/t5/edgemax-updates-blog/edgemax-edgeswitch-x-software-release-v1-1-1/ba-p/2731137

Trust: 1.7

url: https://hackerone.com/reports/508256

Trust: 1.7

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5424

Trust: 0.8

sources: CNVD: CNVD-2019-39180 // VULHUB: VHN-156859 // JVNDB: JVNDB-2019-003377 // CNNVD: CNNVD-201904-535 // NVD: CVE-2019-5424

SOURCES

db: CNVD, id: CNVD-2019-39180
db: VULHUB, id: VHN-156859
db: JVNDB, id: JVNDB-2019-003377
db: CNNVD, id: CNNVD-201904-535
db: NVD, id: CVE-2019-5424

LAST UPDATE DATE

2024-11-23T22:37:53.564000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2019-39180, date: 2019-11-05T00:00:00
db: VULHUB, id: VHN-156859, date: 2020-10-16T00:00:00
db: JVNDB, id: JVNDB-2019-003377, date: 2019-05-16T00:00:00
db: CNNVD, id: CNNVD-201904-535, date: 2020-10-28T00:00:00
db: NVD, id: CVE-2019-5424, date: 2024-11-21T04:44:54.613

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2019-39180, date: 2019-11-05T00:00:00
db: VULHUB, id: VHN-156859, date: 2019-04-10T00:00:00
db: JVNDB, id: JVNDB-2019-003377, date: 2019-05-16T00:00:00
db: CNNVD, id: CNNVD-201904-535, date: 2019-04-10T00:00:00
db: NVD, id: CVE-2019-5424, date: 2019-04-10T18:29:00.497