CVE-2019-5430 — HIGH (8.8) — White Hats Nepal

Q: How severe is CVE-2019-5430?

CVE-2019-5430 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2019-5430?

Check the references section above for vendor advisories and patch information. Affected products include: Ui Unifi Video.

Vulnerability Description

In UniFi Video 3.10.0 and prior, due to the lack of CSRF protection, it is possible to abuse the Web API to make changes on the server configuration without the user consent, requiring the attacker to lure an authenticated user to access on attacker controlled page.

CVSS Score

8.8

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Ui	Unifi Video	<= 3.10.0

Related Weaknesses (CWE)

CWE-352

References

https://community.ubnt.com/t5/UniFi-Video-Blog/UniFi-Video-3-10-1-Soft-Release/bVendor Advisory
https://hackerone.com/reports/329749Third Party Advisory
https://community.ubnt.com/t5/UniFi-Video-Blog/UniFi-Video-3-10-1-Soft-Release/bVendor Advisory
https://hackerone.com/reports/329749Third Party Advisory

FAQ

What is CVE-2019-5430?

CVE-2019-5430 is a vulnerability with a CVSS score of 8.8 (HIGH). In UniFi Video 3.10.0 and prior, due to the lack of CSRF protection, it is possible to abuse the Web API to make changes on the server configuration without the user consent, requiring the attacker to...

How severe is CVE-2019-5430?

CVE-2019-5430 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-5430?

Check the references section above for vendor advisories and patch information. Affected products include: Ui Unifi Video.