Cross-Site Request Forgery Vulnerability in Ubiquiti Networks EdgeOS
CVE-2017-0933

8HIGH

Key Information:

Vendor: Ubiquiti Networks
Status: Edgerouter X
Vendor: CVE Published:; 22 March 2018

🔔 Create Ubiquiti Networks Vulnerability Alert

What is CVE-2017-0933?

Ubiquiti Networks EdgeOS versions up to and including 1.9.1 are susceptible to a Cross-Site Request Forgery vulnerability. This security flaw could allow an attacker with a read-only operator account to craft a malicious page that, when accessed by an administrative user, could lead to unauthorized escalation of privileges. The attacker could gain access to admin-level capabilities, compromising the integrity and security of the affected systems.

Affected Version(s)

EdgeRouter X EdgeOS v1.9.1 and prior

References

https://community.ubnt.com/t5/EdgeMAX-Updates-Blog/EdgeMA...

x_refsource_CONFIRM

https://hackerone.com/reports/240098

x_refsource_MISC

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 22, 2018
Vulnerability Reserved
Nov 30, 2016