QwikSec

Security Database

CVE

CWE

Training

CVE-2019-5426

Published: Apr 10, 2019

Modified: Aug 4, 2024

PUBLISHED

Description

In Ubiquiti Networks EdgeSwitch X v1.1.0 and prior, an unauthenticated user can use the "local port forwarding" and "dynamic port forwarding" (SOCKS proxy) functionalities. Remote attackers without credentials can exploit this bug to access local services or forward traffic through the device if SSH is enabled in the system settings.

Vendor	Product	Versions
Ubiquiti Networks	EdgeMAX	affected `EdgeSwitch X prior to v1.1.1`

Weaknesses (CWE)

References

https://hackerone.com/reports/512958

x_refsource_MISC

https://community.ubnt.com/t5/EdgeMAX-Updates-Blog/EdgeMAX-EdgeSwitch-X-software-release-v1-1-1/ba-p/2731137

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.