Sign-up

ID

VAR-201907-0115


CVE

CVE-2019-5456


TITLE

UniFi Controller Vulnerabilities related to certificate and password management

Trust: 0.8

sources: JVNDB: JVNDB-2019-007340

DESCRIPTION

SMTP MITM refers to a malicious actor setting up an SMTP proxy server between the UniFi Controller version <= 5.10.21 and their actual SMTP server to record their SMTP credentials for malicious use later. UniFi Controller Contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state

Trust: 1.71

sources: NVD: CVE-2019-5456 // JVNDB: JVNDB-2019-007340 // VULMON: CVE-2019-5456

AFFECTED PRODUCTS

vendor:uimodel:unifi controllerscope:lteversion:5.10.21

Trust: 1.0

vendor:ubiquitimodel:unifi controllerscope:lteversion:5.10.21

Trust: 0.8

sources: JVNDB: JVNDB-2019-007340 // NVD: CVE-2019-5456

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-5456
value: HIGH

Trust: 1.0

NVD: CVE-2019-5456
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201907-1573
value: HIGH

Trust: 0.6

VULMON: CVE-2019-5456
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-5456
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

nvd@nist.gov: CVE-2019-5456
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.2
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2019-5456
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULMON: CVE-2019-5456 // JVNDB: JVNDB-2019-007340 // CNNVD: CNNVD-201907-1573 // NVD: CVE-2019-5456

PROBLEMTYPE DATA

problemtype:CWE-255

Trust: 1.8

problemtype:CWE-300

Trust: 1.0

sources: JVNDB: JVNDB-2019-007340 // NVD: CVE-2019-5456

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201907-1573

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-201907-1573

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-007340

PATCH
title:UniFi Network Controller 5.10.23 Stable has been releasedurl:https://community.ui.com/releases/862b962b-55f6-4324-96be-610f647d5c1c
Trust: 0.8
title:UniFi Network Controller 5.6.42 Stable has been releasedurl:https://community.ui.com/releases/9f698d0b-8279-40d3-9f1a-d36db4813124
Trust: 0.8
title:Security Advisory Bulletin 003url:https://community.ui.com/releases/Security-Advisory-Bulletin-003-003/982bbaa8-2a07-4f81-a5f6-0bb84753f391
Trust: 0.8
title:Ubiquiti Networks UniFi Controller Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=95689
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2019-007340 // 
            
            
            
            CNNVD: CNNVD-201907-1573

EXTERNAL IDS
db:NVDid:CVE-2019-5456
Trust: 2.5
db:HACKERONEid:519582
Trust: 1.7
db:JVNDBid:JVNDB-2019-007340
Trust: 0.8
db:CNNVDid:CNNVD-201907-1573
Trust: 0.6
db:VULMONid:CVE-2019-5456
Trust: 0.1
sources:
            
            
            VULMON: CVE-2019-5456 // 
            
            
            
            JVNDB: JVNDB-2019-007340 // 
            
            
            
            CNNVD: CNNVD-201907-1573 // 
            
            
            
            NVD: CVE-2019-5456

REFERENCES
url:https://community.ui.com/releases/862b962b-55f6-4324-96be-610f647d5c1c
Trust: 1.7
url:https://hackerone.com/reports/519582
Trust: 1.7
url:https://community.ui.com/releases/security-advisory-bulletin-003-003/982bbaa8-2a07-4f81-a5f6-0bb84753f391
Trust: 1.7
url:https://community.ui.com/releases/9f698d0b-8279-40d3-9f1a-d36db4813124
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2019-5456
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5456
Trust: 0.8
url:https://cwe.mitre.org/data/definitions/255.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            VULMON: CVE-2019-5456 // 
            
            
            
            JVNDB: JVNDB-2019-007340 // 
            
            
            
            CNNVD: CNNVD-201907-1573 // 
            
            
            
            NVD: CVE-2019-5456

SOURCES
db:VULMONid:CVE-2019-5456
db:JVNDBid:JVNDB-2019-007340
db:CNNVDid:CNNVD-201907-1573
db:NVDid:CVE-2019-5456

LAST UPDATE DATE
2024-11-23T22:55:31.377000+00:00

SOURCES UPDATE DATE
db:VULMONid:CVE-2019-5456date:2022-12-06T00:00:00
db:JVNDBid:JVNDB-2019-007340date:2019-08-07T00:00:00
db:CNNVDid:CNNVD-201907-1573date:2019-08-07T00:00:00
db:NVDid:CVE-2019-5456date:2024-11-21T04:44:58.127

SOURCES RELEASE DATE
db:VULMONid:CVE-2019-5456date:2019-07-30T00:00:00
db:JVNDBid:JVNDB-2019-007340date:2019-08-07T00:00:00
db:CNNVDid:CNNVD-201907-1573date:2019-07-30T00:00:00
db:NVDid:CVE-2019-5456date:2019-07-30T21:15:12.037