Vulnerability-Lookup

CVE-2019-5446 (GCVE-0-2019-5446)

Vulnerability from cvelistv5 – Published: 2019-07-10 19:47 – Updated: 2024-08-04 19:54

Summary

Command Injection in EdgeMAX EdgeSwitch prior to 1.8.2 allow an Admin user to execute commands as root.

Severity ?

No CVSS data available.

CWE

CWE-77 - Command Injection - Generic (CWE-77)

Assigner

hackerone

References

URL

	Vendor	Product	Version
	n/a	EdgeMAX	Affected: 1.8.1

VAR-201907-0109

Vulnerability from variot - Updated: 2024-11-23 22:48

Command Injection in EdgeMAX EdgeSwitch prior to 1.8.2 allow an Admin user to execute commands as root. EdgeMAX EdgeSwitch Contains a command injection vulnerability.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. UbiquitiNetworksEdgeMAXEdgeSwitch is a PoE+ Gigabit switch from Ubiquiti Networks. The vulnerability stems from the fact that external input data constructs executable commands, and the network system or product does not properly filter the special elements. An attacker could exploit the vulnerability to execute an illegal command

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201907-0109",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "edgeswitch",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "ui",
        "version": "1.8.2"
      },
      {
        "model": "edgeswitch",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "ubiquiti",
        "version": "1.8.2"
      },
      {
        "model": "networks ubiquiti networks edgemax edgeswitch",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "ubiquiti",
        "version": "1.8.2"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-22212"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-006411"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-5446"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:ubiquiti_networks:edgeswitch_firmware",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-006411"
      }
    ]
  },
  "cve": "CVE-2019-5446",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.0,
            "id": "CVE-2019-5446",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 1.9,
            "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2019-22212",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.2,
            "id": "CVE-2019-5446",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.2,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2019-5446",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "High",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2019-5446",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2019-5446",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2019-22212",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201907-607",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2019-5446",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-22212"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-5446"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-006411"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-607"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-5446"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Command Injection in EdgeMAX EdgeSwitch prior to 1.8.2 allow an Admin user to execute commands as root. EdgeMAX EdgeSwitch Contains a command injection vulnerability.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. UbiquitiNetworksEdgeMAXEdgeSwitch is a PoE+ Gigabit switch from Ubiquiti Networks. The vulnerability stems from the fact that external input data constructs executable commands, and the network system or product does not properly filter the special elements. An attacker could exploit the vulnerability to execute an illegal command",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-5446"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-006411"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-22212"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-5446"
      }
    ],
    "trust": 2.25
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-5446",
        "trust": 3.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-006411",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-22212",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-607",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-5446",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-22212"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-5446"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-006411"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-607"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-5446"
      }
    ]
  },
  "id": "VAR-201907-0109",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-22212"
      }
    ],
    "trust": 1.2148148
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-22212"
      }
    ]
  },
  "last_update_date": "2024-11-23T22:48:22.103000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "EdgeMAX EdgeSwitch Firmware v1.8.2",
        "trust": 0.8,
        "url": "https://community.ui.com/releases/EdgeMAX-EdgeSwitch-Firmware-v1-8-2/824d58b1-6027-49cf-878d-2076c01948b7"
      },
      {
        "title": "Patch for EdgeMAXEdgeSwitch command injection vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/168499"
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/Live-Hack-CVE/CVE-2019-5446 "
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-22212"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-5446"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-006411"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-77",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-006411"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-5446"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-5446"
      },
      {
        "trust": 1.7,
        "url": "https://community.ui.com/releases/edgemax-edgeswitch-firmware-v1-8-2/824d58b1-6027-49cf-878d-2076c01948b7"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5446"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/77.html"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/live-hack-cve/cve-2019-5446"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-22212"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-5446"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-006411"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-607"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-5446"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-22212"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-5446"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-006411"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-607"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-5446"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-07-12T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2019-22212"
      },
      {
        "date": "2019-07-10T00:00:00",
        "db": "VULMON",
        "id": "CVE-2019-5446"
      },
      {
        "date": "2019-07-19T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-006411"
      },
      {
        "date": "2019-07-10T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201907-607"
      },
      {
        "date": "2019-07-10T20:15:12.763000",
        "db": "NVD",
        "id": "CVE-2019-5446"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-07-12T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2019-22212"
      },
      {
        "date": "2023-02-02T00:00:00",
        "db": "VULMON",
        "id": "CVE-2019-5446"
      },
      {
        "date": "2019-07-19T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-006411"
      },
      {
        "date": "2019-07-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201907-607"
      },
      {
        "date": "2024-11-21T04:44:57.033000",
        "db": "NVD",
        "id": "CVE-2019-5446"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-607"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "EdgeMAX EdgeSwitch Vulnerable to command injection",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-006411"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "command injection",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-607"
      }
    ],
    "trust": 0.6
  }
}

GSD-2019-5446

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Command Injection in EdgeMAX EdgeSwitch prior to 1.8.2 allow an Admin user to execute commands as root.

Aliases

CVE-2019-5446

Aliases

CVE-2019-5446

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2019-5446",
    "description": "Command Injection in EdgeMAX EdgeSwitch prior to 1.8.2 allow an Admin user to execute commands as root.",
    "id": "GSD-2019-5446"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2019-5446"
      ],
      "details": "Command Injection in EdgeMAX EdgeSwitch prior to 1.8.2 allow an Admin user to execute commands as root.",
      "id": "GSD-2019-5446",
      "modified": "2023-12-13T01:23:55.281476Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "support@hackerone.com",
        "ID": "CVE-2019-5446",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "EdgeMAX",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "1.8.1"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Command Injection in EdgeMAX EdgeSwitch prior to 1.8.2 allow an Admin user to execute commands as root."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Command Injection - Generic (CWE-77)"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://community.ui.com/releases/EdgeMAX-EdgeSwitch-Firmware-v1-8-2/824d58b1-6027-49cf-878d-2076c01948b7",
            "refsource": "MISC",
            "url": "https://community.ui.com/releases/EdgeMAX-EdgeSwitch-Firmware-v1-8-2/824d58b1-6027-49cf-878d-2076c01948b7"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:ui:edgeswitch_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "1.8.2",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:ui:ep-s16.:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:ui:es-12f:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:ui:es-16-150w:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:ui:es-16-xg:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:ui:es-24-250w:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:ui:es-24-500w:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:ui:es-24-lite:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:ui:es-48-500w:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:ui:es-48-750w:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:ui:es-48-lite:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:ui:es-8-150w:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve-assignments@hackerone.com",
          "ID": "CVE-2019-5446"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Command Injection in EdgeMAX EdgeSwitch prior to 1.8.2 allow an Admin user to execute commands as root."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-77"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://community.ui.com/releases/EdgeMAX-EdgeSwitch-Firmware-v1-8-2/824d58b1-6027-49cf-878d-2076c01948b7",
              "refsource": "MISC",
              "tags": [
                "Release Notes",
                "Vendor Advisory"
              ],
              "url": "https://community.ui.com/releases/EdgeMAX-EdgeSwitch-Firmware-v1-8-2/824d58b1-6027-49cf-878d-2076c01948b7"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.0,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.0,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 1.2,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2023-02-02T22:19Z",
      "publishedDate": "2019-07-10T20:15Z"
    }
  }
}

CNVD-2019-22212

Vulnerability from cnvd - Published: 2019-07-12

Title

EdgeMAX EdgeSwitch命令注入漏洞

Description

Ubiquiti Networks EdgeMAX EdgeSwitch是美国优比快（Ubiquiti Networks）公司的一款PoE+千兆交换机。 Ubiquiti Networks EdgeMAX EdgeSwitch 1.8.2之前版本中存在命令注入漏洞。该漏洞源于外部输入数据构造可执行命令过程中，网络系统或产品未正确过滤其中的特殊元素。攻击者可利用该漏洞执行非法命令。

Severity

高

Patch Name

EdgeMAX EdgeSwitch命令注入漏洞的补丁

Patch Description

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://community.ui.com/releases/EdgeMAX-EdgeSwitch-Firmware-v1-8-2/824d58b1-6027-49cf-878d-2076c01948b7

Reference

https://nvd.nist.gov/vuln/detail/CVE-2019-5446

Impacted products

Name
Ubiquiti Networks Ubiquiti Networks EdgeMAX EdgeSwitch <1.8.2

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-5446",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2019-5446"
    }
  },
  "description": "Ubiquiti Networks EdgeMAX EdgeSwitch\u662f\u7f8e\u56fd\u4f18\u6bd4\u5feb\uff08Ubiquiti Networks\uff09\u516c\u53f8\u7684\u4e00\u6b3ePoE+\u5343\u5146\u4ea4\u6362\u673a\u3002\n\nUbiquiti Networks EdgeMAX EdgeSwitch 1.8.2\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5916\u90e8\u8f93\u5165\u6570\u636e\u6784\u9020\u53ef\u6267\u884c\u547d\u4ee4\u8fc7\u7a0b\u4e2d\uff0c\u7f51\u7edc\u7cfb\u7edf\u6216\u4ea7\u54c1\u672a\u6b63\u786e\u8fc7\u6ee4\u5176\u4e2d\u7684\u7279\u6b8a\u5143\u7d20\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u975e\u6cd5\u547d\u4ee4\u3002",
  "discovererName": "unKnow",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://community.ui.com/releases/EdgeMAX-EdgeSwitch-Firmware-v1-8-2/824d58b1-6027-49cf-878d-2076c01948b7",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2019-22212",
  "openTime": "2019-07-12",
  "patchDescription": "Ubiquiti Networks EdgeMAX EdgeSwitch\u662f\u7f8e\u56fd\u4f18\u6bd4\u5feb\uff08Ubiquiti Networks\uff09\u516c\u53f8\u7684\u4e00\u6b3ePoE+\u5343\u5146\u4ea4\u6362\u673a\u3002\r\n\r\nUbiquiti Networks EdgeMAX EdgeSwitch 1.8.2\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5916\u90e8\u8f93\u5165\u6570\u636e\u6784\u9020\u53ef\u6267\u884c\u547d\u4ee4\u8fc7\u7a0b\u4e2d\uff0c\u7f51\u7edc\u7cfb\u7edf\u6216\u4ea7\u54c1\u672a\u6b63\u786e\u8fc7\u6ee4\u5176\u4e2d\u7684\u7279\u6b8a\u5143\u7d20\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u975e\u6cd5\u547d\u4ee4\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "EdgeMAX EdgeSwitch\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Ubiquiti Networks Ubiquiti Networks EdgeMAX EdgeSwitch \u003c1.8.2"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2019-5446",
  "serverity": "\u9ad8",
  "submitTime": "2019-07-11",
  "title": "EdgeMAX EdgeSwitch\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e"
}

FKIE_CVE-2019-5446

Vulnerability from fkie_nvd - Published: 2019-07-10 20:15 - Updated: 2024-11-21 04:44

Severity ?

7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Summary

Command Injection in EdgeMAX EdgeSwitch prior to 1.8.2 allow an Admin user to execute commands as root.

References

	URL	Tags
	support@hackerone.com	https://community.ui.com/releases/EdgeMAX-EdgeSwitch-Firmware-v1-8-2/824d58b1-6027-49cf-878d-2076c01948b7	Release Notes, Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://community.ui.com/releases/EdgeMAX-EdgeSwitch-Firmware-v1-8-2/824d58b1-6027-49cf-878d-2076c01948b7	Release Notes, Vendor Advisory

Impacted products

Vendor	Product	Version
ui	edgeswitch_firmware	*
ui	ep-s16.	-
ui	es-12f	-
ui	es-16-150w	-
ui	es-16-xg	-
ui	es-24-250w	-
ui	es-24-500w	-
ui	es-24-lite	-
ui	es-48-500w	-
ui	es-48-750w	-
ui	es-48-lite	-
ui	es-8-150w	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:ui:edgeswitch_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB6F9B35-509E-4380-A473-796E32BCA88B",
              "versionEndExcluding": "1.8.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:ui:ep-s16.:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E496145-AC02-4EF5-8FE2-BF5593F89ABA",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:ui:es-12f:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "35E11BF8-2295-4DC3-B463-DC305B2ED456",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:ui:es-16-150w:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD4B5024-6E26-4011-9392-26E304C0B00C",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:ui:es-16-xg:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "82590A80-2DA6-4BA3-BAF9-DA6B9118C7E2",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:ui:es-24-250w:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBA2938D-8AF2-47D5-B881-AD27A999989D",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:ui:es-24-500w:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CDFD81A-C3D6-4B54-97C6-718FEB23C57C",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:ui:es-24-lite:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0085DBEE-368A-400D-A2E7-AC090CCD6324",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:ui:es-48-500w:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7AC5ECE-A2E4-4AD8-B65D-4B5CFFF0A044",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:ui:es-48-750w:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "287F2ABB-2855-4938-A5F3-857744ABC4E6",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:ui:es-48-lite:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C8A7623-0F2F-49F3-81F4-515E29A907EF",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:ui:es-8-150w:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD0CDC1D-D5F7-437D-9544-95E8DBFBF1F7",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Command Injection in EdgeMAX EdgeSwitch prior to 1.8.2 allow an Admin user to execute commands as root."
    },
    {
      "lang": "es",
      "value": "Una Inyecci\u00f3n de Comandos en EdgeMAX EdgeSwitch versiones anteriores a 1.8.2, permite a un usuario administrador ejecutar comandos como root."
    }
  ],
  "id": "CVE-2019-5446",
  "lastModified": "2024-11-21T04:44:57.033",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.2,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-07-10T20:15:12.763",
  "references": [
    {
      "source": "support@hackerone.com",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://community.ui.com/releases/EdgeMAX-EdgeSwitch-Firmware-v1-8-2/824d58b1-6027-49cf-878d-2076c01948b7"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://community.ui.com/releases/EdgeMAX-EdgeSwitch-Firmware-v1-8-2/824d58b1-6027-49cf-878d-2076c01948b7"
    }
  ],
  "sourceIdentifier": "support@hackerone.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-77"
        }
      ],
      "source": "support@hackerone.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-77"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-WJP7-MWHC-8PPQ

Vulnerability from github – Published: 2022-05-24 16:50 – Updated: 2023-02-03 00:30

Details

Command Injection in EdgeMAX EdgeSwitch prior to 1.8.2 allow an Admin user to execute commands as root.

Severity ?

7.2 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2019-5446"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-77"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-07-10T20:15:00Z",
    "severity": "HIGH"
  },
  "details": "Command Injection in EdgeMAX EdgeSwitch prior to 1.8.2 allow an Admin user to execute commands as root.",
  "id": "GHSA-wjp7-mwhc-8ppq",
  "modified": "2023-02-03T00:30:18Z",
  "published": "2022-05-24T16:50:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5446"
    },
    {
      "type": "WEB",
      "url": "https://community.ui.com/releases/EdgeMAX-EdgeSwitch-Firmware-v1-8-2/824d58b1-6027-49cf-878d-2076c01948b7"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2019-5446 (GCVE-0-2019-5446)

VAR-201907-0109

GSD-2019-5446

CNVD-2019-22212

FKIE_CVE-2019-5446

GHSA-WJP7-MWHC-8PPQ

Tags

Sightings

Nomenclature