Vulnerability Description
We have recently released new versions of UniFi Protect firmware, v1.13.3 and v1.14.10, for UniFi Cloud Key Gen2 Plus and UniFi Dream Machine Pro/UNVR respectively, that fix vulnerabilities found in Protect firmware v1.13.2, v1.14.9 and prior, according to the description below: View-only users can run certain custom commands, which allows them to assign themselves unauthorized roles and escalate their privileges.
CVSS Score
8.8 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ui | Unifi Protect Firmware | <= 1.13.2 |
| Ui | Unifi Protect | - |
| Ui | Unifi Cloud Key Plus | - |
| Ui | Unifi Dream Machine Pro | - |
Related Weaknesses (CWE)
References
- https://community.ui.com/releases/Security-advisory-bulletin-012-012/1bba9134-f8 (Vendor Advisory)
- https://community.ui.com/releases/UniFi-Protect-1-13-3/f4be7d35-93a3-422b-8eef-1 (Release Notes, Vendor Advisory)
- https://community.ui.com/releases/UniFi-Protect-1-14-10/48a8dbdd-b872-47fa-bbde- (Release Notes, Vendor Advisory)
FAQ
What is CVE-2020-8188?
CVE-2020-8188 is a vulnerability with a CVSS score of 8.8 (HIGH). We have recently released new versions of UniFi Protect firmware, v1.13.3 and v1.14.10, for UniFi Cloud Key Gen2 Plus and UniFi Dream Machine Pro/UNVR respectively, that fix vulnerabilities found on Pro...
How severe is CVE-2020-8188?
CVE-2020-8188 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-8188?
Check the references section above for vendor advisories and patch information. Affected products include: Ui Unifi Protect Firmware, Ui Unifi Protect, Ui Unifi Cloud Key Plus, Ui Unifi Dream Machine Pro.