CVE-2019-16889

Published: 25/09/2019 Updated: 24/08/2020
CVSS v2 Base Score: 7.8 | Impact Score: 6.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 695
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Vulnerability Summary

Ubiquiti EdgeMAX devices prior to 2.0.3 allow remote malicious users to cause a denial of service (disk consumption) because *.cache files in /var/run/beaker/container_file/ are created when providing a valid-length payload of 249 characters or fewer to the beaker.session.id cookie in a GET header. The attacker can use a long series of unique session IDs.

Vulnerable Product

ui er-x_firmware

ui er-x-sfp_firmware

ui ep-r6_firmware

ui erlite-3_firmware

ui erpoe-5_firmware

ui er-8_firmware

ui erpro-8_firmware

ui ep-r8_firmware

ui er-4_firmware

ui er-6p_firmware

ui er-12_firmware

ui er-8-xg_firmware

Github Repositories

Proof of concept for CVE-2019-16889 (Resource consumption on Ubiquiti Edgemax 1.10.6 and earlier)

Resource Consumption DOS on Edgemax v1.10.6. Resource consumption denial of service. This was reported last year and has been fixed as of version 2.0.3. It has been assigned CVE-2019-16889. This is my first time using asyncio, if you see a more efficient way to do this please let me know! See the following: mjlanderscom/2019/07/28/resource-consumption-dos-on-edgemax-v1

Cookie resource consumption testing tool.

meep2. Cookie resource consumption denial of service testing tool. This tool is adapted off of the proof of concept tool I created for CVE-2019-16889. It differs from the original PoC in that it allows you to define the cookie value. This allows the tool to be used to test any cookie value regardless of architecture for resource consumption. Use 'pip3 install -r requireme