Vulnerability Description
Denial of Service attack in airMAX < 8.3.2 , airMAX < 6.0.7 and EdgeMAX < 1.9.7 allow attackers to use the Discovery Protocol in amplification attacks.
CVSS Score
7.5
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ui | Airos | < 6.0.7 |
| Ui | Airmax Ac | - |
| Ui | Edgemax Firmware | < 1.9.7 |
| Ui | Edgemax | - |
Related Weaknesses (CWE)
References
- https://community.ubnt.com/t5/airMAX-Updates-Blog/airOS-v6-0-7-Has-Been-ReleasedRelease NotesVendor Advisory
- https://community.ubnt.com/t5/airMAX-Updates-Blog/airOS-v8-3-2-Has-Been-ReleasedRelease NotesVendor Advisory
- https://hackerone.com/reports/221625Third Party Advisory
- https://community.ubnt.com/t5/airMAX-Updates-Blog/airOS-v6-0-7-Has-Been-ReleasedRelease NotesVendor Advisory
- https://community.ubnt.com/t5/airMAX-Updates-Blog/airOS-v8-3-2-Has-Been-ReleasedRelease NotesVendor Advisory
- https://hackerone.com/reports/221625Third Party Advisory
FAQ
What is CVE-2017-0938?
CVE-2017-0938 is a vulnerability with a CVSS score of 7.5 (HIGH). Denial of Service attack in airMAX < 8.3.2 , airMAX < 6.0.7 and EdgeMAX < 1.9.7 allow attackers to use the Discovery Protocol in amplification attacks.
How severe is CVE-2017-0938?
CVE-2017-0938 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-0938?
Check the references section above for vendor advisories and patch information. Affected products include: Ui Airos, Ui Airmax Ac, Ui Edgemax Firmware, Ui Edgemax.