ID

VAR-201905-0101


CVE

CVE-2019-5430


TITLE

UniFi Video vulnerable to cross-site request forgery

Trust: 0.8

sources: JVNDB: JVNDB-2019-003880

DESCRIPTION

In UniFi Video 3.10.0 and prior, due to the lack of CSRF protection, it is possible to abuse the Web API to make changes to the server configuration without the user's consent; the attacker must lure an authenticated user into accessing an attacker-controlled page. UniFi Video contains a cross-site request forgery vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS).

Trust: 1.71

sources: NVD: CVE-2019-5430 // JVNDB: JVNDB-2019-003880 // VULMON: CVE-2019-5430

AFFECTED PRODUCTS

vendor: ui, model: unifi video, scope: lte, version: 3.10.0

Trust: 1.0

vendor: ubiquiti, model: unifi video, scope: lte, version: 3.10.0

Trust: 0.8

sources: JVNDB: JVNDB-2019-003880 // NVD: CVE-2019-5430

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-5430
value: HIGH

Trust: 1.0

NVD: CVE-2019-5430
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201905-127
value: HIGH

Trust: 0.6

VULMON: CVE-2019-5430
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-5430
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

nvd@nist.gov: CVE-2019-5430
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULMON: CVE-2019-5430 // JVNDB: JVNDB-2019-003880 // CNNVD: CNNVD-201905-127 // NVD: CVE-2019-5430

PROBLEMTYPE DATA

problemtype: CWE-352

Trust: 1.8

sources: JVNDB: JVNDB-2019-003880 // NVD: CVE-2019-5430

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201905-127

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-201905-127

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-003880

PATCH

title: UniFi Video 3.10.1 Soft Release, url: https://community.ubnt.com/t5/UniFi-Video-Blog/UniFi-Video-3-10-1-Soft-Release/ba-p/2658279

Trust: 0.8

title: UniFi Video Fixes for cross-site request forgery vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=92275

Trust: 0.6

sources: JVNDB: JVNDB-2019-003880 // CNNVD: CNNVD-201905-127

EXTERNAL IDS

db: NVD, id: CVE-2019-5430

Trust: 2.5

db: HACKERONE, id: 329749

Trust: 1.7

db: JVNDB, id: JVNDB-2019-003880

Trust: 0.8

db: CNNVD, id: CNNVD-201905-127

Trust: 0.6

db: VULMON, id: CVE-2019-5430

Trust: 0.1

sources: VULMON: CVE-2019-5430 // JVNDB: JVNDB-2019-003880 // CNNVD: CNNVD-201905-127 // NVD: CVE-2019-5430

REFERENCES

url:https://hackerone.com/reports/329749

Trust: 1.7

url:https://community.ubnt.com/t5/unifi-video-blog/unifi-video-3-10-1-soft-release/ba-p/2658279

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2019-5430

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5430

Trust: 0.8

url:https://cwe.mitre.org/data/definitions/352.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULMON: CVE-2019-5430 // JVNDB: JVNDB-2019-003880 // CNNVD: CNNVD-201905-127 // NVD: CVE-2019-5430

SOURCES

db: VULMON, id: CVE-2019-5430
db: JVNDB, id: JVNDB-2019-003880
db: CNNVD, id: CNNVD-201905-127
db: NVD, id: CVE-2019-5430

LAST UPDATE DATE

2024-11-23T22:51:49.231000+00:00


SOURCES UPDATE DATE

db: VULMON, id: CVE-2019-5430, date: 2019-10-09T00:00:00
db: JVNDB, id: JVNDB-2019-003880, date: 2019-05-23T00:00:00
db: CNNVD, id: CNNVD-201905-127, date: 2019-05-14T00:00:00
db: NVD, id: CVE-2019-5430, date: 2024-11-21T04:44:55.260

SOURCES RELEASE DATE

db: VULMON, id: CVE-2019-5430, date: 2019-05-06T00:00:00
db: JVNDB, id: JVNDB-2019-003880, date: 2019-05-23T00:00:00
db: CNNVD, id: CNNVD-201905-127, date: 2019-05-06T00:00:00
db: NVD, id: CVE-2019-5430, date: 2019-05-06T17:29:00.387