CVE Database As of 12-07-2019

CVE-2016-7792

Impact by CVSS Score
  • ID: CVE-2016-7792
Summary:

Ubiquiti Networks UniFi 5.2.7 does not restrict access to the database, which allows remote attackers to modify the database by directly connecting to it.

Exploitability Analysis:

This is a vulnerability exploitable with adjacent network access and requires the attacker to have access to either the broadcast or collision domain of the vulnerable software. Examples of local networks include local IP subnet, Bluetooth, IEEE 802.11, and local Ethernet segment.

Exploitability Complexity:

Specialized access conditions or extenuating circumstances do not exist. The following are examples: The affected product typically requires access to a wide range of systems and users, possibly anonymous an untrusted (e.g., Internet-facing web or mail server). The affected configuration is default or ubiquitous. The attack can be performed manually and requires little skill or additional information gathering. The 'race condition' is a lazy one (i.e., it is technically a race but easily winnable).

Authentication:

Authentication is not required to access and exploit the vulnerability.

Confidentiality Impact:

There is total information disclosure, resulting in all system files being revealed. The attacker is able to read all of the system's data (memory, files, etc.).

Integrity Impact:

There is a total compromise of system integrity. There is a complete loss of system protection, resulting in the entire system being compromised. The attacker is able to modify any files on the target system.

Availability Impact:

There is a total shutdown of the affected resource. The attacker can render the resource completely unavailable.

Search
Impact
High
CVSS Score
8.3
Exploitable
Adjacent Network
Created
2017-01-23 16:59:02
Modified
2017-01-25 21:59:02
Credit
NIST NVD

You never have to pay for a vulnerability scanning and management software again.

Tired of paying a subscription 'per asset' or 'per IP'? Well you can officially cancel your current subscription. Mageni provides a free, open source and enterprise-ready vulnerability scanning and management platform which helps you to find, prioritize, remediate and manage 134,288 vulnerabilities.