UniFi Video v3.10.1 Improper Privilege Management Vulnerability

Summary

In UniFi Video v3.10.1 (for Windows 7/8/10 x64), arbitrary file deletion and DLL hijack vulnerabilities allow local privilege escalation to SYSTEM.

Credit:

The information has been provided by the vendor.

The original article can be found at: https://community.ui.com/releases/Security-advisory-bulletin-006-006/3cf6264e-e0e6-4e26-a331-1d271f84673e

Details

The issue was fixed by adjusting the .tsExport folder when the controller is running on Windows, and by adjusting SafeDllSearchMode in the Windows registry when the UniFi Video controller is installed.

Affected Products: UniFi Video Controller v3.10.2 (for Windows 7/8/10 x64) and prior.

Fixed in UniFi Video Controller v3.10.3 and newer.
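A host-side audit of the two settings the fix touches, as an added example (not code from the vendor or the original advisory). It reads the system-wide SafeDllSearchMode value and lists ACEs that let accounts other than SYSTEM, Administrators or TrustedInstaller write or delete in a folder. Assumptions: `$ExportPath` is a placeholder because the page does not give the .tsExport location, and the page does not say what was adjusted about that folder, so the ACL review is a general hardening check.

```powershell
# Added example: audit SafeDllSearchMode and folder write/delete ACEs on a Windows host.
function Get-SafeDllSearchModeState {
    $key  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'
    $item = Get-ItemProperty -Path $key -Name 'SafeDllSearchMode' -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        # Value absent: Windows enables safe DLL search mode by default.
        return 'Enabled (default, value not set)'
    }
    if ($item.SafeDllSearchMode -eq 0) { return 'Disabled' }
    return 'Enabled'
}

function Get-NonAdminWriteAce {
    param([Parameter(Mandatory)][string]$Path)

    # Well-known SIDs: SYSTEM, BUILTIN\Administrators, TrustedInstaller.
    $trusted = 'S-1-5-18', 'S-1-5-32-544',
               'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'

    # Rights that allow planting or removing files in the folder.
    $write   = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles'
    $generic = 0x50000000   # GENERIC_ALL | GENERIC_WRITE, seen on inherit-only ACEs
    $sidType = [System.Security.Principal.SecurityIdentifier]

    # Ask for SIDs rather than names so the comparison is locale-independent.
    (Get-Acl -LiteralPath $Path).GetAccessRules($true, $true, $sidType) |
        Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            $trusted -notcontains $_.IdentityReference.Value -and
            (($_.FileSystemRights -band $write) -or
             ([int]$_.FileSystemRights -band $generic))
        } |
        Select-Object @{n = 'Sid'; e = { $_.IdentityReference.Value } },
                      FileSystemRights, IsInherited
}

# Placeholder path (assumption): replace with the real .tsExport folder on the host.
$ExportPath = 'C:\PLACEHOLDER\.tsExport'

"SafeDllSearchMode: $(Get-SafeDllSearchModeState)"
if (Test-Path -LiteralPath $ExportPath) {
    Get-NonAdminWriteAce -Path $ExportPath | Format-Table -AutoSize
} else {
    "Folder not found: $ExportPath"
}
```

An empty table from the second check means no Allow ACE outside the three trusted SIDs grants write or delete rights on the folder; Deny ACEs and effective-access calculation are not evaluated.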

 

Vulnerable Systems:

UniFi Video v3.10.1

 

CVE Information:

CVE-2020-8146

 

Disclosure Timeline:
Published Date: 4/1/2020

 
