CVE-2019-16889

Published Sep 25, 2019

Last updated 4 years ago

CVSS high 7.5

Overview

Description: Ubiquiti EdgeMAX devices before 2.0.3 allow remote attackers to cause a denial of service (disk consumption) because *.cache files in /var/run/beaker/container_file/ are created when providing a valid length payload of 249 characters or fewer to the beaker.session.id cookie in a GET header. The attacker can use a long series of unique session IDs.
Source: cve@mitre.org
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 7.5
Impact score: 3.6
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 7.8
Impact score: 6.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:N/I:N/A:C

Weaknesses

nvd@nist.gov: CWE-770

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:ui:er-x_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "12000017-B53B-4A2A-A7ED-3869BF7671B3",
            "versionEndExcluding": "2.0.3"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:ui:er-x:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "91B9AD72-BF39-4731-85B9-26036F7C425B"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:ui:er-x-sfp_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "37FDB6EC-6ECA-4CD6-931D-28D52CF2DF6C",
            "versionEndExcluding": "2.0.3"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:ui:er-x-sfp:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "4F922D6E-7C6D-4984-A0DF-6EDC0C7A9900"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:ui:ep-r6_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "63162607-4EBA-49B7-8DBC-5D3EFD0C523A",
            "versionEndExcluding": "2.0.3"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:ui:ep-r6:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "FF781B02-254D-4A5F-A98B-089E87ADB293"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:ui:erlite-3_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0068C171-0F72-4FCE-8AD4-B6237FCD4B73",
            "versionEndExcluding": "2.0.3"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:ui:erlite-3:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "0071AC31-76DE-4787-9ED3-A93119B7D4A9"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:ui:erpoe-5:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "966719CB-C9DD-41DF-8DE1-51491400C251"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:ui:erpoe-5_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "883E0737-80B7-484A-A2D6-75CFB069331E",
            "versionEndExcluding": "2.0.3"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:ui:er-8:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "C941B4B4-D117-4934-BDB0-3E7EB707CBD6"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:ui:er-8_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C2947841-43B3-4F61-96B3-78BAB8848E4A",
            "versionEndExcluding": "2.0.3"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:ui:erpro-8:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "B103990A-E41C-45C0-861A-E5A133DAB312"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:ui:erpro-8_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5D3321B7-E3AE-4935-ADA0-FCCEF43C86A8",
            "versionEndExcluding": "2.0.3"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:ui:ep-r8:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "AC9D64BD-3A85-4100-9326-67289D4E07F9"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:ui:ep-r8_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1867AAD3-E437-4D9F-9D7E-C19F3EB0EA95",
            "versionEndExcluding": "2.0.3"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:ui:er-4:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "C0DBDD16-1FDE-45FA-9A5C-44BCF44D70FB"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:ui:er-4_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7120C8C4-535F-4AB8-8A31-DF341BCB1659",
            "versionEndExcluding": "2.0.3"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:ui:er-6p:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "E9EA558B-7CF3-4CD0-8D73-A6BC646948C9"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:ui:er-6p_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9C5FBCB4-E305-4D4C-A6FF-B38E4123125B",
            "versionEndExcluding": "2.0.3"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:ui:er-12:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "0A7DEE4B-D49C-4D11-9AA8-3F422DDF8964"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:ui:er-12_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4E534058-D49B-4771-BC75-178ACB5BEB01",
            "versionEndExcluding": "2.0.3"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:ui:er-8-xg:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "EBB1CDE7-F121-4D6A-A729-C6A1F27100E8"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:ui:er-8-xg_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8E5BCFE8-C74D-4DED-828A-B0A4213C62B9",
            "versionEndExcluding": "2.0.3"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References