ID

VAR-202105-0130


CVE

CVE-2020-24755


TITLE

Uncontrolled Search Path Element Vulnerability in Ubiquiti UniFi Video

Trust: 0.8

sources: JVNDB: JVNDB-2020-016759

DESCRIPTION

In Ubiquiti UniFi Video v3.10.13, when the executable starts, the first location in which it looks for its library is the current directory. This allows the library to be impersonated or modified in order to execute code on the system. This was tested on Windows 7 x64 and Windows 10 x64. Ubiquiti UniFi Video contains an uncontrolled search path element vulnerability. Information may be obtained or tampered with, and the service may be put into a denial-of-service (DoS) state.

Trust: 1.71

sources: NVD: CVE-2020-24755 // JVNDB: JVNDB-2020-016759 // VULMON: CVE-2020-24755

AFFECTED PRODUCTS

vendor: ui, model: unifi video, scope: eq, version: 3.10.13

Trust: 1.0

vendor: ubiquiti, model: unifi video, scope: eq, version: -

Trust: 0.8

vendor: ubiquiti, model: unifi video, scope: eq, version: 3.10.13

Trust: 0.8

sources: JVNDB: JVNDB-2020-016759 // NVD: CVE-2020-24755

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-24755
value: HIGH

Trust: 1.0

NVD: CVE-2020-24755
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202105-1194
value: HIGH

Trust: 0.6

VULMON: CVE-2020-24755
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-24755
severity: MEDIUM
baseScore: 6.9
vectorString: AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.4
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

nvd@nist.gov: CVE-2020-24755
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2020-24755
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULMON: CVE-2020-24755 // JVNDB: JVNDB-2020-016759 // CNNVD: CNNVD-202105-1194 // NVD: CVE-2020-24755

PROBLEMTYPE DATA

problemtype:CWE-427

Trust: 1.0

problemtype: Uncontrolled search path elements (CWE-427) [NVD Evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2020-016759 // NVD: CVE-2020-24755

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202105-1194

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-202105-1194

PATCH

title: Top Page, url: https://www.ui.com/

Trust: 0.8

title: UniFi Video Fixes for code issue vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=151844

Trust: 0.6

sources: JVNDB: JVNDB-2020-016759 // CNNVD: CNNVD-202105-1194

EXTERNAL IDS

db: NVD, id: CVE-2020-24755

Trust: 3.3

db: JVNDB, id: JVNDB-2020-016759

Trust: 0.8

db: CNNVD, id: CNNVD-202105-1194

Trust: 0.6

db: VULMON, id: CVE-2020-24755

Trust: 0.1

sources: VULMON: CVE-2020-24755 // JVNDB: JVNDB-2020-016759 // CNNVD: CNNVD-202105-1194 // NVD: CVE-2020-24755

REFERENCES

url:https://www.youtube.com/watch?v=t41h4yeh9dk

Trust: 2.5

url:https://nvd.nist.gov/vuln/detail/cve-2020-24755

Trust: 1.4

url:https://cwe.mitre.org/data/definitions/427.html

Trust: 0.1

url:https://github.com/jamesgeee/cve-2020-24755

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULMON: CVE-2020-24755 // JVNDB: JVNDB-2020-016759 // CNNVD: CNNVD-202105-1194 // NVD: CVE-2020-24755

SOURCES

db: VULMON, id: CVE-2020-24755
db: JVNDB, id: JVNDB-2020-016759
db: CNNVD, id: CNNVD-202105-1194
db: NVD, id: CVE-2020-24755

LAST UPDATE DATE

2024-08-14T14:44:25.869000+00:00


SOURCES UPDATE DATE

db: VULMON, id: CVE-2020-24755, date: 2021-05-24T00:00:00
db: JVNDB, id: JVNDB-2020-016759, date: 2022-01-26T09:04:00
db: CNNVD, id: CNNVD-202105-1194, date: 2021-05-25T00:00:00
db: NVD, id: CVE-2020-24755, date: 2021-05-24T17:48:35.257

SOURCES RELEASE DATE

db: VULMON, id: CVE-2020-24755, date: 2021-05-17T00:00:00
db: JVNDB, id: JVNDB-2020-016759, date: 2022-01-26T00:00:00
db: CNNVD, id: CNNVD-202105-1194, date: 2021-05-17T00:00:00
db: NVD, id: CVE-2020-24755, date: 2021-05-17T22:15:07.493