Local Port Forwarding Vulnerability in Ubiquiti Networks EdgeSwitch X
CVE-2019-5426

4.8MEDIUM

Key Information:

Vendor: Ubiquiti Networks
Status: Edgemax
Vendor: CVE Published:; 10 April 2019

🔔 Create Ubiquiti Networks Vulnerability Alert

What is CVE-2019-5426?

An unauthenticated user can exploit the local and dynamic port forwarding capabilities of Ubiquiti Networks EdgeSwitch X v1.1.0 and earlier. This vulnerability enables attackers without credentials to access local services and forward traffic through the device, contingent on SSH being enabled in the system settings. The risk underscores the importance of securing configuration settings on network devices to prevent unauthorized access.

Affected Version(s)

EdgeMAX EdgeSwitch X prior to v1.1.1

References

https://hackerone.com/reports/512958

x_refsource_MISC

https://community.ubnt.com/t5/EdgeMAX-Updates-Blog/EdgeMA...

x_refsource_CONFIRM

CVSS V3.1

Score:

4.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 10, 2019
Vulnerability Reserved
Jan 4, 2019