CVE-2015-9266

Published Sep 5, 2018

Last updated 3 years ago

CVSS critical 9.8

Overview

Description: The web management interface of Ubiquiti airMAX, airFiber, airGateway and EdgeSwitch XP (formerly TOUGHSwitch) allows an unauthenticated attacker to upload and write arbitrary files using directory traversal techniques. An attacker can exploit this vulnerability to gain root privileges. This vulnerability is fixed in the following product versions (fixes released in July 2015, all prior versions are affected): airMAX AC 7.1.3; airMAX M (and airRouter) 5.6.2 XM/XW/TI, 5.5.11 XM/TI, and 5.5.10u2 XW; airGateway 1.1.5; airFiber AF24/AF24HD 2.2.1, AF5x 3.0.2.1, and AF5 2.2.1; airOS 4 XS2/XS5 4.0.4; and EdgeSwitch XP (formerly TOUGHSwitch) 1.3.2.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 3.0

Type: Primary
Base score: 9.8
Impact score: 5.9
Exploitability score: 3.9
Vector string: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL

CVSS 2.0

Type: Primary
Base score: 10
Impact score: 10
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: CWE-22

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:ui:airmax_ac_firmware:7.1.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DBD592A6-2D4B-425F-A5AA-B436E03E8035"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:ui:airmax_ac:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "D7522076-32AA-4C46-A383-55496EB8E403"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:ui:airmax_m_xm_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6F600BFE-CD6A-4DEC-BAAE-714AB5D9D223",
            "versionEndExcluding": "5.6.2"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:ui:airmax_m_xm:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "8995AF37-CA09-4D28-BF62-611298A93B13"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:ui:airmax_m_xw_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1B9BB4C6-7C36-4FE4-985C-BEC9156C94C6",
            "versionEndExcluding": "5.6.2"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:ui:airmax_m_xw:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "E206B53F-F365-478D-A51B-1F13CD764C07"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:ui:airmax_m_ti_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "05E09E94-D8C5-482C-BD19-BFC9C8D42B87",
            "versionEndExcluding": "5.6.2"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:ui:airmax_m_ti:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "F6AA64D2-B725-4D88-82AD-7B6335BF6248"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:ui:airgateway_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3CC74D39-7E7F-4565-A856-FF030D28DAA9",
            "versionEndExcluding": "1.15"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:ui:airgateway:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "17E9D8F9-0EB5-4F28-8857-3B9E009EE840"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:ui:airfiber_af24_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6E42DB2E-C8AC-4A46-B9B6-1DA88F6F6FEC",
            "versionEndExcluding": "2.2.1"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:ui:airfiber_af24:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "0E93CA24-5985-4877-9907-8B9EF9892749"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:ui:airfiber_af24hd_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FA1691A9-F816-4A1C-9335-A248703B600A",
            "versionEndExcluding": "2.2.1"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:ui:airfiber_af24hd:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "05949407-799A-4A77-ABFF-F7C3A0218A0C"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:ui:af5x_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "081B3972-42DF-487E-87B9-0CA45EF85354",
            "versionEndExcluding": "3.0.2.1"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:ui:af5x:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "6E0F6008-0FD3-4B86-91F2-2CF6D046AB78"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:ui:af5_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "83E8E30C-9772-43E1-8481-F5F610D42CB2",
            "versionEndExcluding": "2.2.1"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:ui:af5:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "0CE2B42D-9CAF-4BE4-B5ED-911D575BC22A"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:ubnt:airos_4_xs2:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "285BAC2B-385C-4D7C-96EA-EE0E6109C0B6",
            "versionEndExcluding": "4.0.4"
          },
          {
            "criteria": "cpe:2.3:o:ubnt:airos_4_xs5:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EC912267-3FCE-41F9-A9FE-1F54E384F6D7",
            "versionEndExcluding": "4.0.4"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:ui:airmax_ac:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "D7522076-32AA-4C46-A383-55496EB8E403"
          },
          {
            "criteria": "cpe:2.3:h:ui:airmax_m:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "22401E7D-9BB7-4015-A28B-1C134C429E56"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:ubnt:edgeswitch_xp_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "72285AF8-6D2A-49DE-A267-F483826D6F59",
            "versionEndExcluding": "1.3.2"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:ui:edgeswitch_xp:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "1777B2FA-9B9A-489F-8F46-213B3ACB9D05"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References