CVE Vulnerabilities

CVE-2020-8145

Published: Apr 01, 2020 | Modified: Jul 21, 2021
CVSS 3.x
6.5
MEDIUM
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
CVSS 2.x
4 MEDIUM
AV:N/AC:L/Au:S/C:N/I:P/A:N
RedHat/V2
RedHat/V3
Ubuntu

The UniFi Video Server (Windows) web interface configuration restore functionality at the “backup” and “wizard” endpoints does not implement sufficient privilege checks. Low privileged users, belonging to the PUBLIC_GROUP or CUSTOM_GROUP groups, can access these endpoints and overwrite the current application configuration. This can be abused for various purposes, including adding new administrative users. Affected Products: UniFi Video Controller v3.9.3 (for Windows 7/8/10 x64) and prior. Fixed in UniFi Video Controller v3.9.6 and newer.

Affected Software

Name Vendor Start Version End Version
Unifi_video Ui * 3.9.3 (including)

References