Vulnerability Details CVE-2020-8188
We have recently released new version of UniFi Protect firmware v1.13.3 and v1.14.10 for Unifi Cloud Key Gen2 Plus and UniFi Dream Machine Pro/UNVR respectively that fixes vulnerabilities found on Protect firmware v1.13.2, v1.14.9 and prior according to the description below:View only users can run certain custom commands which allows them to assign themselves unauthorized roles and escalate their privileges.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.009
EPSS Ranking 75.1%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 6.5
References
- https://community.ui.com/releases/Security-advisory-bulletin-012-012/1bba9134-f888-4010-81c0-b0dd53b9bda4
- https://community.ui.com/releases/UniFi-Protect-1-13-3/f4be7d35-93a3-422b-8eef-122e442c00ba
- https://community.ui.com/releases/UniFi-Protect-1-14-10/48a8dbdd-b872-47fa-bbde-1d24ddf5d5b5
- https://community.ui.com/releases/Security-advisory-bulletin-012-012/1bba9134-f888-4010-81c0-b0dd53b9bda4
- https://community.ui.com/releases/UniFi-Protect-1-13-3/f4be7d35-93a3-422b-8eef-122e442c00ba
- https://community.ui.com/releases/UniFi-Protect-1-14-10/48a8dbdd-b872-47fa-bbde-1d24ddf5d5b5
Products affected by CVE-2020-8188
-
cpe:2.3:h:ui:unifi_cloud_key_plus:-
-
cpe:2.3:h:ui:unifi_dream_machine_pro:-
-
cpe:2.3:h:ui:unifi_protect:-
-
cpe:2.3:o:ui:unifi_protect_firmware:1.13.2
-
cpe:2.3:o:ui:unifi_protect_firmware:1.13.3
-
cpe:2.3:o:ui:unifi_protect_firmware:1.14.8
-
cpe:2.3:o:ui:unifi_protect_firmware:1.14.9