CVE-2019-5426

Summary

In Ubiquiti Networks EdgeSwitch X v1.1.0 and prior, an unauthenticated user can use the "local port forwarding" and "dynamic port forwarding" (SOCKS proxy) functionalities. Remote attackers without credentials can exploit this bug to access local services or forward traffic through the device if SSH is enabled in the system settings.

Affected Software

VendorProductVersion RangeStatus
Ubiquiti NetworksEdgeMAXEdgeSwitch X prior to v1.1.1affected

Weaknesses

  • CWE-287: Improper Authentication - Generic (CWE-287)

ADP Enrichment

CVE Program Container

Additional References

References