UniFi Video v3.10.1 Improper Privilege Management Vulnerability


In UniFi Video v3.10.1 (for Windows 7/8/10 x64) there is a Local Privileges Escalation to SYSTEM from arbitrary file deletion and DLL hijack vulnerabilities. 







The information has been provided by Vendor

The original article can be found at:https://community.ui.com/releases/Security-advisory-bulletin-006-006/3cf6264e-e0e6-4e26-a331-1d271f84673e



The issue was fixed by adjusting the .tsExport folder when the controller is running on Windows and adjusting the SafeDllSearchMode in the windows registry when installing UniFi-Video controller. Affected Products: UniFi Video Controller v3.10.2 (for Windows 7/8/10 x64) and prior. Fixed in UniFi Video Controller v3.10.3 and newer.


Vulnerable Systems:

UniFi Video v3.10.1


CVE Information:



Disclosure Timeline:
Published Date:4/1/2020


Categories: FeaturedNews