Published: 27/12/2017 Updated: 13/09/2021

CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9

CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8

VMScore: 725

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Ubiquiti UniFi Video prior to 3.8.0 for Windows uses weak permissions for the installation directory, which allows local users to gain SYSTEM privileges via a Trojan horse taskkill.exe file.

Vulnerable Product	Search on Vulmon	Subscribe to Product
ui unifi_video

RCE Security Advisory wwwrcesecuritycom 1 ADVISORY INFORMATION ======================= Product: Ubiquiti UniFi Video (Windows) Vendor URL: wwwubntcom Type: Improper Handling of Insufficient Permissions or Privileges [CWE-280] Date found: 2016-05-24 Date published: 2017-12-20 CVSSv3 Sco ...

CWE-276 https://hackerone.com/reports/140793 http://seclists.org/fulldisclosure/2017/Dec/83 http://packetstormsecurity.com/files/145533/Ubiquiti-UniFi-Video-3.7.3-Windows-Local-Privilege-Escalation.html https://www.exploit-db.com/exploits/43390/http://www.securityfocus.com/bid/102278 https://nvd.nist.gov https://www.exploit-db.com/exploits/43390/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2016-6914

Vulnerability Summary

Vulnerability Trend

Exploits

References

Vulmon Search

About

Products

Connect