CVE-2020-8146

See a problem?
Source
https://nvd.nist.gov/vuln/detail/CVE-2020-8146
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-8146.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2020-8146
Published
2020-04-01T23:15:13Z
Modified
2024-09-03T03:33:43.041456Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

In UniFi Video v3.10.1 (for Windows 7/8/10 x64) there is a Local Privileges Escalation to SYSTEM from arbitrary file deletion and DLL hijack vulnerabilities. The issue was fixed by adjusting the .tsExport folder when the controller is running on Windows and adjusting the SafeDllSearchMode in the windows registry when installing UniFi-Video controller. Affected Products: UniFi Video Controller v3.10.2 (for Windows 7/8/10 x64) and prior. Fixed in UniFi Video Controller v3.10.3 and newer.

References

Affected packages

Git / github.com/pducharme/unifi-video-controller

Affected ranges

Type
GIT
Repo
https://github.com/pducharme/unifi-video-controller
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected

Affected versions

3.*

3.10.1
3.10.2
3.9.0
3.9.11
3.9.12
3.9.2
3.9.3
3.9.4
3.9.5
3.9.6
3.9.7
3.9.8
3.9.9