diff --git a/2015/9xxx/CVE-2015-9266.json b/2015/9xxx/CVE-2015-9266.json
index d34a2b5f51c..f01e24d3e84 100644
--- a/2015/9xxx/CVE-2015-9266.json
+++ b/2015/9xxx/CVE-2015-9266.json
@@ -1,18 +1,274 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2015-9266",
- "STATE" : "RESERVED"
+ "CVE_data_meta": {
+ "ASSIGNER": "cert@cert.org",
+ "ID": "CVE-2015-9266",
+ "STATE": "PUBLIC",
+ "TITLE": "Ubiquiti airOS HTTP(S) unauthenticated arbitrary file upload"
 },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "EdgeSwitch XP (formerly TOUGHSwitch)",
+ "version": {
+ "version_data": [
+ {
+ "affected": "<",
+ "version_value": "1.3.2"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "airGateway",
+ "version": {
+ "version_data": [
+ {
+ "affected": "<",
+ "version_value": "1.1.5"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "airFiber AF24",
+ "version": {
+ "version_data": [
+ {
+ "affected": "<",
+ "version_value": "2.2.1"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "airFiber AF24HD",
+ "version": {
+ "version_data": [
+ {
+ "affected": "<",
+ "version_value": "2.2.1"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "airFiber AF5",
+ "version": {
+ "version_data": [
+ {
+ "affected": "<",
+ "version_value": "2.2.1"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "airFiber AF5x",
+ "version": {
+ "version_data": [
+ {
+ "affected": "<",
+ "version_value": "3.0.2.1"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "airMAX XM",
+ "version": {
+ "version_data": [
+ {
+ "affected": "!",
+ "version_value": "5.5.11"
+ },
+ {
+ "affected": "<",
+ "version_value": "5.6.2"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "airMAX TI",
+ "version": {
+ "version_data": [
+ {
+ "affected": "!",
+ "version_value": "5.5.11"
+ },
+ {
+ "affected": "<",
+ "version_value": "5.6.2"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "airMAX XW",
+ "version": {
+ "version_data": [
+ {
+ "affected": "<",
+ "version_value": "5.6.2"
+ },
+ {
+ "affected": "!",
+ "version_value": "5.5.10u2"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "airMAX XC",
+ "version": {
+ "version_data": [
+ {
+ "affected": "<",
+ "version_value": "7.1.3"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "airMAX WA",
+ "version": {
+ "version_data": [
+ {
+ "affected": "<",
+ "version_value": "7.1.3"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "airOS XS5",
+ "version": {
+ "version_data": [
+ {
+ "affected": "<",
+ "version_value": "4.0.4"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "airOS XS2",
+ "version": {
+ "version_data": [
+ {
+ "affected": "<",
+ "version_value": "4.0.4"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "airMAX AC",
+ "version": {
+ "version_data": [
+ {
+ "affected": "<",
+ "version_value": "7.1.3"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Ubiquiti"
+ }
+ ]
+ }
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "This vulnerability was reported by 93c08539."
+ }
+ ],
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
 {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "lang": "eng",
+ "value": "The web management interface of Ubiquiti airMAX, airFiber, airGateway and EdgeSwitch XP (formerly TOUGHSwitch) allows an unauthenticated attacker to upload and write arbitrary files using directory traversal techniques. An attacker can exploit this vulnerability to gain root privileges.\nThis vulnerability is fixed in the following product versions (fixes released in July 2015, all prior versions are affected):\n airMAX AC 7.1.3;\n airMAX M (and airRouter) 5.6.2 XM/XW/TI, 5.5.11 XM/TI, and 5.5.10u2 XW;\n airGateway 1.1.5;\n airFiber AF24/AF24HD 2.2.1, AF5x 3.0.2.1, and AF5 2.2.1;\n airOS 4 XS2/XS5 4.0.4; and\n EdgeSwitch XP (formerly TOUGHSwitch) 1.3.2. 
"
 }
 ]
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "version": "3.0"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://hackerone.com/reports/73480",
+ "refsource": "MISC",
+ "url": "https://hackerone.com/reports/73480"
+ },
+ {
+ "name": "https://www.exploit-db.com/exploits/39701/",
+ "refsource": "EXPLOIT-DB",
+ "url": "https://www.exploit-db.com/exploits/39701/"
+ },
+ {
+ "name": "https://www.exploit-db.com/exploits/39853/",
+ "refsource": "EXPLOIT-DB",
+ "url": "https://www.exploit-db.com/exploits/39853/"
+ },
+ {
+ "name": "https://www.rapid7.com/db/modules/exploit/linux/ssh/ubiquiti_airos_file_upload",
+ "refsource": "MISC",
+ "url": "https://www.rapid7.com/db/modules/exploit/linux/ssh/ubiquiti_airos_file_upload"
+ },
+ {
+ "name": "https://community.ubnt.com/t5/airMAX-Updates-Blog/Security-Release-for-airMAX-TOUGHSwitch-and-airGateway-Released/ba-p/1300494",
+ "refsource": "CONFIRM",
+ "url": "https://community.ubnt.com/t5/airMAX-Updates-Blog/Security-Release-for-airMAX-TOUGHSwitch-and-airGateway-Released/ba-p/1300494"
+ },
+ {
+ "name": "https://community.ubnt.com/t5/airMAX-General-Discussion/Virus-attack-URGENT-UBNT/td-p/1562940",
+ "refsource": "MISC",
+ "url": "https://community.ubnt.com/t5/airMAX-General-Discussion/Virus-attack-URGENT-UBNT/td-p/1562940"
+ },
+ {
+ "name": "https://community.ubnt.com/t5/airMAX-Updates-Blog/Important-Security-Notice-and-airOS-5-6-5-Release/ba-p/1565949",
+ "refsource": "CONFIRM",
+ "url": "https://community.ubnt.com/t5/airMAX-Updates-Blog/Important-Security-Notice-and-airOS-5-6-5-Release/ba-p/1565949"
+ }
+ ]
+ },
+ "source": {
+ "discovery": "UNKNOWN"
 }
 }
diff --git a/2015/CVE-2015-9266.json b/2015/CVE-2015-9266.json
deleted file mode 100644
index f01e24d3e84..00000000000
--- a/2015/CVE-2015-9266.json
+++ /dev/null
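Review bot: The structured `affects` list and the prose disagree on scope: `product_data` carries `airMAX XC` and `airMAX WA` entries (`"<"` `"7.1.3"`), while the fixed-version list inside the `description` value names only airMAX AC for 7.1.3, so consumers matching on the text and consumers matching on the structured data will reach different answers for those two product lines. Either name XC/WA in the description or confirm that they belong in `affects`. Under `source`, `"discovery": "UNKNOWN"` sits oddly beside the `credit` entry and the HackerOne reference, which suggest an external report; if that is right, `"discovery": "EXTERNAL"` would be more accurate. The description value also appears to end in stray whitespace before its closing quote, which is worth trimming so the text renders cleanly downstream.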
@@ -1,274 +0,0 @@
-{
- "CVE_data_meta": {
- "ASSIGNER": "cert@cert.org",
- "ID": "CVE-2015-9266",
- "STATE": "PUBLIC",
- "TITLE": "Ubiquiti airOS HTTP(S) unauthenticated arbitrary file upload"
- },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "EdgeSwitch XP (formerly TOUGHSwitch)",
- "version": {
- "version_data": [
- {
- "affected": "<",
- "version_value": "1.3.2"
- }
- ]
- }
- },
- {
- "product_name": "airGateway",
- "version": {
- "version_data": [
- {
- "affected": "<",
- "version_value": "1.1.5"
- }
- ]
- }
- },
- {
- "product_name": "airFiber AF24",
- "version": {
- "version_data": [
- {
- "affected": "<",
- "version_value": "2.2.1"
- }
- ]
- }
- },
- {
- "product_name": "airFiber AF24HD",
- "version": {
- "version_data": [
- {
- "affected": "<",
- "version_value": "2.2.1"
- }
- ]
- }
- },
- {
- "product_name": "airFiber AF5",
- "version": {
- "version_data": [
- {
- "affected": "<",
- "version_value": "2.2.1"
- }
- ]
- }
- },
- {
- "product_name": "airFiber AF5x",
- "version": {
- "version_data": [
- {
- "affected": "<",
- "version_value": "3.0.2.1"
- }
- ]
- }
- },
- {
- "product_name": "airMAX XM",
- "version": {
- "version_data": [
- {
- "affected": "!",
- "version_value": "5.5.11"
- },
- {
- "affected": "<",
- "version_value": "5.6.2"
- }
- ]
- }
- },
- {
- "product_name": "airMAX TI",
- "version": {
- "version_data": [
- {
- "affected": "!",
- "version_value": "5.5.11"
- },
- {
- "affected": "<",
- "version_value": "5.6.2"
- }
- ]
- }
- },
- {
- "product_name": "airMAX XW",
- "version": {
- "version_data": [
- {
- "affected": "<",
- "version_value": "5.6.2"
- },
- {
- "affected": "!",
- "version_value": "5.5.10u2"
- }
- ]
- }
- },
- {
- "product_name": "airMAX XC",
- "version": {
- "version_data": [
- {
- "affected": "<",
- "version_value": "7.1.3"
- }
- ]
- }
- },
- {
- "product_name": "airMAX WA",
- "version": {
- "version_data": [
- {
- "affected": "<",
- "version_value": "7.1.3"
- }
- ]
- }
- },
- {
- "product_name": "airOS XS5",
- "version": {
- "version_data": [
- {
- "affected": "<",
- "version_value": "4.0.4"
- }
- ]
- }
- },
- {
- "product_name": "airOS XS2",
- "version": {
- "version_data": [
- {
- "affected": "<",
- "version_value": "4.0.4"
- }
- ]
- }
- },
- {
- "product_name": "airMAX AC",
- "version": {
- "version_data": [
- {
- "affected": "<",
- "version_value": "7.1.3"
- }
- ]
- }
- }
- ]
- },
- "vendor_name": "Ubiquiti"
- }
- ]
- }
- },
- "credit": [
- {
- "lang": "eng",
- "value": "This vulnerability was reported by 93c08539."
- }
- ],
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
- "description": {
- "description_data": [
- {
- "lang": "eng",
- "value": "The web management interface of Ubiquiti airMAX, airFiber, airGateway and EdgeSwitch XP (formerly TOUGHSwitch) allows an unauthenticated attacker to upload and write arbitrary files using directory traversal techniques. An attacker can exploit this vulnerability to gain root privileges.\nThis vulnerability is fixed in the following product versions (fixes released in July 2015, all prior versions are affected):\n airMAX AC 7.1.3;\n airMAX M (and airRouter) 5.6.2 XM/XW/TI, 5.5.11 XM/TI, and 5.5.10u2 XW;\n airGateway 1.1.5;\n airFiber AF24/AF24HD 2.2.1, AF5x 3.0.2.1, and AF5 2.2.1;\n airOS 4 XS2/XS5 4.0.4; and\n EdgeSwitch XP (formerly TOUGHSwitch) 1.3.2. 
"
- }
- ]
- },
- "impact": {
- "cvss": {
- "attackComplexity": "LOW",
- "attackVector": "NETWORK",
- "availabilityImpact": "HIGH",
- "baseScore": 9.8,
- "baseSeverity": "CRITICAL",
- "confidentialityImpact": "HIGH",
- "integrityImpact": "HIGH",
- "privilegesRequired": "NONE",
- "scope": "UNCHANGED",
- "userInteraction": "NONE",
- "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
- "version": "3.0"
- }
- },
- "problemtype": {
- "problemtype_data": [
- {
- "description": [
- {
- "lang": "eng",
- "value": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"
- }
- ]
- }
- ]
- },
- "references": {
- "reference_data": [
- {
- "name": "https://hackerone.com/reports/73480",
- "refsource": "MISC",
- "url": "https://hackerone.com/reports/73480"
- },
- {
- "name": "https://www.exploit-db.com/exploits/39701/",
- "refsource": "EXPLOIT-DB",
- "url": "https://www.exploit-db.com/exploits/39701/"
- },
- {
- "name": "https://www.exploit-db.com/exploits/39853/",
- "refsource": "EXPLOIT-DB",
- "url": "https://www.exploit-db.com/exploits/39853/"
- },
- {
- "name": "https://www.rapid7.com/db/modules/exploit/linux/ssh/ubiquiti_airos_file_upload",
- "refsource": "MISC",
- "url": "https://www.rapid7.com/db/modules/exploit/linux/ssh/ubiquiti_airos_file_upload"
- },
- {
- "name": "https://community.ubnt.com/t5/airMAX-Updates-Blog/Security-Release-for-airMAX-TOUGHSwitch-and-airGateway-Released/ba-p/1300494",
- "refsource": "CONFIRM",
- "url": "https://community.ubnt.com/t5/airMAX-Updates-Blog/Security-Release-for-airMAX-TOUGHSwitch-and-airGateway-Released/ba-p/1300494"
- },
- {
- "name": "https://community.ubnt.com/t5/airMAX-General-Discussion/Virus-attack-URGENT-UBNT/td-p/1562940",
- "refsource": "MISC",
- "url": "https://community.ubnt.com/t5/airMAX-General-Discussion/Virus-attack-URGENT-UBNT/td-p/1562940"
- },
- {
- "name": "https://community.ubnt.com/t5/airMAX-Updates-Blog/Important-Security-Notice-and-airOS-5-6-5-Release/ba-p/1565949",
- "refsource": "CONFIRM",
- "url": "https://community.ubnt.com/t5/airMAX-Updates-Blog/Important-Security-Notice-and-airOS-5-6-5-Release/ba-p/1565949"
- }
- ]
- },
- "source": {
- "discovery": "UNKNOWN"
- }
-}