Vulnerabilities > CVE-2019-5456 - Credentials Management vulnerability in UI Unifi Controller

CVSS 8.1 - HIGH

Attack vector

NETWORK

Attack complexity

HIGH

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

high complexity

CWE-255

NVD

Published: 2019-07-30

Updated: 2022-12-06

Summary

SMTP MITM refers to a malicious actor setting up an SMTP proxy server between the UniFi Controller version <= 5.10.21 and their actual SMTP server to record their SMTP credentials for malicious use later.

Vulnerable Configurations

Part	Description	Count
Application	Ui UI Unifi Controller 2.4.3 UI Unifi Controller 2.4.4 UI Unifi Controller 2.4.5 UI Unifi Controller 2.4.6 UI Unifi Controller 3.1.13 UI Unifi Controller 3.2.1 UI Unifi Controller 5.10.21	7

Common Weakness Enumeration (CWE)

CWE-255 - Credentials Management

References

https://community.ui.com/releases/862b962b-55f6-4324-96be-610f647d5c1c
https://hackerone.com/reports/519582
https://community.ui.com/releases/Security-Advisory-Bulletin-003-003/982bbaa8-2a07-4f81-a5f6-0bb84753f391
https://community.ui.com/releases/9f698d0b-8279-40d3-9f1a-d36db4813124