Vulnerability Description
The UniFi Video Server v3.9.3 and prior (for Windows 7/8/10 x64) web interface Firmware Update functionality, under certain circumstances, does not validate firmware download destinations to ensure they are within the intended destination directory tree. It accepts a request with a URL to firmware update information. If the version field contains ..\ character sequences, the destination file path to save the firmware can be manipulated to be outside the intended destination directory tree. Fixed in UniFi Video Controller v3.10.3 and newer.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ui | Unifi Video | <= 3.9.3 |
| Microsoft | Windows | - |
Related Weaknesses (CWE)
References
- https://community.ui.com/releases/Security-advisory-bulletin-006-006/3cf6264e-e0Vendor Advisory
- https://community.ui.com/releases/Security-advisory-bulletin-006-006/3cf6264e-e0Vendor Advisory
FAQ
What is CVE-2020-8144?
CVE-2020-8144 is a vulnerability with a CVSS score of 8.4 (HIGH). The UniFi Video Server v3.9.3 and prior (for Windows 7/8/10 x64) web interface Firmware Update functionality, under certain circumstances, does not validate firmware download destinations to ensure th...
How severe is CVE-2020-8144?
CVE-2020-8144 has been rated HIGH with a CVSS base score of 8.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-8144?
Check the references section above for vendor advisories and patch information. Affected products include: Ui Unifi Video, Microsoft Windows.