CVE-2019-16889
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
25/09/2019
Last modified:
24/08/2020
Description
Ubiquiti EdgeMAX devices before 2.0.3 allow remote attackers to cause a denial of service (disk consumption) because *.cache files in /var/run/beaker/container_file/ are created when providing a valid length payload of 249 characters or fewer to the beaker.session.id cookie in a GET header. The attacker can use a long series of unique session IDs.
Impact
Base Score 3.x
7.50
Severity 3.x
HIGH
Base Score 2.0
7.80
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:ui:er-x_firmware:*:*:*:*:*:*:*:* | 2.0.3 (excluding) | |
| cpe:2.3:h:ui:er-x:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:ui:er-x-sfp_firmware:*:*:*:*:*:*:*:* | 2.0.3 (excluding) | |
| cpe:2.3:h:ui:er-x-sfp:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:ui:ep-r6_firmware:*:*:*:*:*:*:*:* | 2.0.3 (excluding) | |
| cpe:2.3:h:ui:ep-r6:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:ui:erlite-3_firmware:*:*:*:*:*:*:*:* | 2.0.3 (excluding) | |
| cpe:2.3:h:ui:erlite-3:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:ui:erpoe-5_firmware:*:*:*:*:*:*:*:* | 2.0.3 (excluding) | |
| cpe:2.3:h:ui:erpoe-5:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:ui:er-8_firmware:*:*:*:*:*:*:*:* | 2.0.3 (excluding) | |
| cpe:2.3:h:ui:er-8:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:ui:erpro-8_firmware:*:*:*:*:*:*:*:* | 2.0.3 (excluding) | |
| cpe:2.3:h:ui:erpro-8:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:ui:ep-r8_firmware:*:*:*:*:*:*:*:* | 2.0.3 (excluding) |
To consult the complete list of CPE names with products and versions, see this page