ID
VAR-201904-0152
CVE
CVE-2019-5425
TITLE
Ubiquiti Networks EdgeSwitch X Command injection vulnerability
Trust: 0.8
DESCRIPTION
In Ubiquiti Networks EdgeSwitch X v1.1.0 and prior, an authenticated user can execute arbitrary shell commands over the SSH interface bypassing the CLI interface, which allow them to escalate privileges to root. Ubiquiti Networks EdgeSwitch X Contains a command injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Ubiquiti Networks EdgeSwitch is a Gigabit network switch device from Ubiquiti Networks. A command injection vulnerability exists in Ubiquiti Networks EdgeSwitch X 1.1.0 and earlier. The vulnerability stems from the fact that the network system or product did not properly filter the special elements in the process of constructing executable commands from external input data. An attacker could use this vulnerability to execute an illegal command
Trust: 2.25
IOT TAXONOMY
| category: | ['Network device'] | sub_category: | - | Trust: 0.6 |
AFFECTED PRODUCTS
| vendor: | ui | model: | edgeswitch x | scope: | lte | version: | 1.1.0 | Trust: 1.0 |
| vendor: | ubiquiti | model: | edgeswitch x | scope: | lte | version: | 1.1.0 | Trust: 0.8 |
| vendor: | ubiquiti | model: | networks edgeswitch | scope: | lte | version: | <=1.1.0 | Trust: 0.6 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-78 | Trust: 1.1 |
| problemtype: | CWE-77 | Trust: 0.9 |
THREAT TYPE
remote
Trust: 0.6
TYPE
operating system commend injection
Trust: 0.6
CONFIGURATIONS
PATCH
| title: | EdgeMAX EdgeSwitch X software release v1.1.1 | url: | https://community.ubnt.com/t5/EdgeMAX-Updates-Blog/EdgeMAX-EdgeSwitch-X-software-release-v1-1-1/ba-p/2731137 | Trust: 0.8 |
| title: | Patch for Ubiquiti Networks EdgeSwitch X Command Injection Vulnerability (CNVD-2019-39181) | url: | https://www.cnvd.org.cn/patchInfo/show/188643 | Trust: 0.6 |
| title: | Ubiquiti Networks EdgeSwitch Security vulnerabilities | url: | http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=91349 | Trust: 0.6 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2019-5425 | Trust: 3.1 |
| db: | HACKERONE | id: | 511025 | Trust: 1.7 |
| db: | JVNDB | id: | JVNDB-2019-003378 | Trust: 0.8 |
| db: | CNNVD | id: | CNNVD-201904-534 | Trust: 0.7 |
| db: | CNVD | id: | CNVD-2019-39181 | Trust: 0.6 |
| db: | VULHUB | id: | VHN-156860 | Trust: 0.1 |
REFERENCES
| url: | https://nvd.nist.gov/vuln/detail/cve-2019-5425 | Trust: 2.0 |
| url: | https://community.ubnt.com/t5/edgemax-updates-blog/edgemax-edgeswitch-x-software-release-v1-1-1/ba-p/2731137 | Trust: 1.7 |
| url: | https://hackerone.com/reports/511025 | Trust: 1.7 |
| url: | https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5425 | Trust: 0.8 |
SOURCES
| db: | CNVD | id: | CNVD-2019-39181 |
| db: | VULHUB | id: | VHN-156860 |
| db: | JVNDB | id: | JVNDB-2019-003378 |
| db: | CNNVD | id: | CNNVD-201904-534 |
| db: | NVD | id: | CVE-2019-5425 |
LAST UPDATE DATE
2024-11-23T22:21:43.966000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2019-39181 | date: | 2019-11-05T00:00:00 |
| db: | VULHUB | id: | VHN-156860 | date: | 2020-08-24T00:00:00 |
| db: | JVNDB | id: | JVNDB-2019-003378 | date: | 2019-05-16T00:00:00 |
| db: | CNNVD | id: | CNNVD-201904-534 | date: | 2021-08-16T00:00:00 |
| db: | NVD | id: | CVE-2019-5425 | date: | 2024-11-21T04:44:54.723 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2019-39181 | date: | 2019-11-05T00:00:00 |
| db: | VULHUB | id: | VHN-156860 | date: | 2019-04-10T00:00:00 |
| db: | JVNDB | id: | JVNDB-2019-003378 | date: | 2019-05-16T00:00:00 |
| db: | CNNVD | id: | CNNVD-201904-534 | date: | 2019-04-10T00:00:00 |
| db: | NVD | id: | CVE-2019-5425 | date: | 2019-04-10T18:29:00.557 |