CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2017-0913

Ubiquiti UCRM versions 2.3.0 to 2.7.7 allow an authenticated user to read arbitrary files in the local file system. Note that by default, the local file system is isolated in a docker container. Successful exploitation requires valid credentials to an account with "Edit" access to "System Customization".

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 16.0%

CVSS Severity

CVSS v3 Score 4.7

CVSS v2 Score 1.9

References

https://community.ubnt.com/t5/UCRM/New-UCRM-upgrades-available-2-8-2-and-2-9-0-beta3/td-p/2211814
https://hackerone.com/reports/301406
https://community.ubnt.com/t5/UCRM/New-UCRM-upgrades-available-2-8-2-and-2-9-0-beta3/td-p/2211814
https://hackerone.com/reports/301406

Products affected by CVE-2017-0913

Ubnt » Ucrm » Version: Any

cpe:2.3:a:ubnt:ucrm:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2017-0913

Products

Pricing

Contact Us