Vulnerability Details CVE-2019-16889
Ubiquiti EdgeMAX devices before 2.0.3 allow remote attackers to cause a denial of service (disk consumption) because *.cache files in /var/run/beaker/container_file/ are created when providing a valid length payload of 249 characters or fewer to the beaker.session.id cookie in a GET header. The attacker can use a long series of unique session IDs.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.115
EPSS Ranking 93.2%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 7.8
References
- https://community.ui.com/releases/New-EdgeRouter-firmware-2-0-3-has-been-released-2-0-3/e8badd28-a112-4269-9fb6-ffe3fc0e1643
- https://hackerone.com/reports/406614
- https://mjlanders.com/2019/07/28/resource-consumption-dos-on-edgemax-v1-10-6/
- https://community.ui.com/releases/New-EdgeRouter-firmware-2-0-3-has-been-released-2-0-3/e8badd28-a112-4269-9fb6-ffe3fc0e1643
- https://hackerone.com/reports/406614
- https://mjlanders.com/2019/07/28/resource-consumption-dos-on-edgemax-v1-10-6/
Products affected by CVE-2019-16889
-
cpe:2.3:h:ui:ep-r6:-
-
cpe:2.3:h:ui:ep-r8:-
-
cpe:2.3:h:ui:er-12:-
-
cpe:2.3:h:ui:er-4:-
-
cpe:2.3:h:ui:er-6p:-
-
cpe:2.3:h:ui:er-8-xg:-
-
cpe:2.3:h:ui:er-8:-
-
cpe:2.3:h:ui:er-x-sfp:-
-
cpe:2.3:h:ui:er-x:-
-
cpe:2.3:h:ui:erlite-3:-
-
cpe:2.3:h:ui:erpoe-5:-
-
cpe:2.3:h:ui:erpro-8:-
-
cpe:2.3:o:ui:ep-r6_firmware:-
-
cpe:2.3:o:ui:ep-r6_firmware:2.0.0
-
cpe:2.3:o:ui:ep-r6_firmware:2.0.1
-
cpe:2.3:o:ui:ep-r6_firmware:2.0.2
-
cpe:2.3:o:ui:ep-r8_firmware:-
-
cpe:2.3:o:ui:ep-r8_firmware:2.0.0
-
cpe:2.3:o:ui:ep-r8_firmware:2.0.1
-
cpe:2.3:o:ui:ep-r8_firmware:2.0.2
-
cpe:2.3:o:ui:er-12_firmware:-
-
cpe:2.3:o:ui:er-12_firmware:2.0.0
-
cpe:2.3:o:ui:er-12_firmware:2.0.1
-
cpe:2.3:o:ui:er-12_firmware:2.0.2
-
cpe:2.3:o:ui:er-4_firmware:-
-
cpe:2.3:o:ui:er-4_firmware:2.0.0
-
cpe:2.3:o:ui:er-4_firmware:2.0.1
-
cpe:2.3:o:ui:er-4_firmware:2.0.2
-
cpe:2.3:o:ui:er-6p_firmware:-
-
cpe:2.3:o:ui:er-6p_firmware:2.0.0
-
cpe:2.3:o:ui:er-6p_firmware:2.0.1
-
cpe:2.3:o:ui:er-6p_firmware:2.0.2
-
cpe:2.3:o:ui:er-8-xg_firmware:-
-
cpe:2.3:o:ui:er-8-xg_firmware:2.0.0
-
cpe:2.3:o:ui:er-8-xg_firmware:2.0.1
-
cpe:2.3:o:ui:er-8-xg_firmware:2.0.2
-
cpe:2.3:o:ui:er-8_firmware:-
-
cpe:2.3:o:ui:er-8_firmware:2.0.0
-
cpe:2.3:o:ui:er-8_firmware:2.0.1
-
cpe:2.3:o:ui:er-8_firmware:2.0.2
-
cpe:2.3:o:ui:er-x-sfp_firmware:-
-
cpe:2.3:o:ui:er-x-sfp_firmware:2.0.0
-
cpe:2.3:o:ui:er-x-sfp_firmware:2.0.1
-
cpe:2.3:o:ui:er-x-sfp_firmware:2.0.2
-
cpe:2.3:o:ui:er-x_firmware:-
-
cpe:2.3:o:ui:er-x_firmware:2.0.0
-
cpe:2.3:o:ui:er-x_firmware:2.0.1
-
cpe:2.3:o:ui:er-x_firmware:2.0.2
-
cpe:2.3:o:ui:erlite-3_firmware:-
-
cpe:2.3:o:ui:erlite-3_firmware:2.0.0
-
cpe:2.3:o:ui:erlite-3_firmware:2.0.1
-
cpe:2.3:o:ui:erlite-3_firmware:2.0.2
-
cpe:2.3:o:ui:erpoe-5_firmware:-
-
cpe:2.3:o:ui:erpoe-5_firmware:2.0.0
-
cpe:2.3:o:ui:erpoe-5_firmware:2.0.1
-
cpe:2.3:o:ui:erpoe-5_firmware:2.0.2
-
cpe:2.3:o:ui:erpro-8_firmware:-
-
cpe:2.3:o:ui:erpro-8_firmware:2.0.0
-
cpe:2.3:o:ui:erpro-8_firmware:2.0.1
-
cpe:2.3:o:ui:erpro-8_firmware:2.0.2