var-201407-0508
Vulnerability from variot

The default Flash cross-domain policy (crossdomain.xml) in Ubiquiti Networks UniFi Video (formerly AirVision aka AirVision Controller) before 3.0.1 does not restrict access to the application, which allows remote attackers to bypass the Same Origin Policy via a crafted SWF file. UniFi Video is prone to a security-bypass vulnerability. An authenticated attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may lead to further attacks. UniFi Video 2.1.3 is vulnerable; other versions may also be affected. Ubiquiti Networks UniFi Video (also known as AirVision or AirVision Controller) is a video surveillance system from Ubiquiti Networks, a United States company. The vulnerability is caused by the program not restricting access to the application. The record below lists the UniFi Video 3.0.1 release as the patch, and its CVSS v2 entries (AV:N/AC:M/Au:S, user interaction required) score the issue as needing an authenticated session and user interaction.



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201407-0508",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "unifi video",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "ui",
        "version": "2.1.3"
      },
      {
        "model": "unifi video",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "ubiquiti",
        "version": "3.0.1"
      },
      {
        "model": "unifi video",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ubnt",
        "version": "2.1.3"
      },
      {
        "model": "networks unifi video",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubiquiti",
        "version": "2.1.3"
      },
      {
        "model": "networks unifi video",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ubiquiti",
        "version": "3.0.1"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "68866"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-003575"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-2227"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201407-622"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:ui:unifi_video:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "2.1.3",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-2227"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Seth Art",
    "sources": [
      {
        "db": "BID",
        "id": "68866"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2014-2227",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 6.8,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "Single",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 6.0,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2014-2227",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 6.8,
            "id": "VHN-70166",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:S/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2014-2227",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201407-622",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-70166",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-70166"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-003575"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-2227"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201407-622"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The default Flash cross-domain policy (crossdomain.xml) in Ubiquiti Networks UniFi Video (formerly AirVision aka AirVision Controller) before 3.0.1 does not restrict access to the application, which allows remote attackers to bypass the Same Origin Policy via a crafted SWF file. UniFi Video is prone to a security-bypass vulnerability. \nAn authenticated attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may lead to further attacks. \nUniFi Video 2.1.3 is vulnerable; other versions may also be affected. Ubiquiti Networks UniFi Video (also known as AirVision or AirVision Controller) is a set of video surveillance system of Ubiquiti Networks in the United States. The vulnerability is caused by the program not restricting access to the application",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-2227"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-003575"
      },
      {
        "db": "BID",
        "id": "68866"
      },
      {
        "db": "VULHUB",
        "id": "VHN-70166"
      }
    ],
    "trust": 1.98
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-70166",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-70166"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2014-2227",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "68866",
        "trust": 2.0
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-003575",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201407-622",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "127617",
        "trust": 0.1
      },
      {
        "db": "EXPLOIT-DB",
        "id": "39268",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-70166",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-70166"
      },
      {
        "db": "BID",
        "id": "68866"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-003575"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-2227"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201407-622"
      }
    ]
  },
  "id": "VAR-201407-0508",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-70166"
      }
    ],
    "trust": 0.30833333
  },
  "last_update_date": "2023-12-18T12:21:14.759000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "UniFi Video 3.0.1 / UVC 3.0.2 / airCam 3.0.2 Release",
        "trust": 0.8,
        "url": "http://community.ubnt.com/t5/unifi-video-blog/unifi-video-3-0-1-uvc-3-0-2-aircam-3-0-2-release/ba-p/792374"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-003575"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-264",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-70166"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-003575"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-2227"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "http://seclists.org/fulldisclosure/2014/jul/128"
      },
      {
        "trust": 2.0,
        "url": "http://sethsec.blogspot.com/2014/07/cve-2014-2227.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/68866"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2227"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2227"
      },
      {
        "trust": 0.8,
        "url": "http://sethsec.blogspot.jp/2014/07/cve-2014-2227.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.ubnt.com/enterprise/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-70166"
      },
      {
        "db": "BID",
        "id": "68866"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-003575"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-2227"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201407-622"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-70166"
      },
      {
        "db": "BID",
        "id": "68866"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-003575"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-2227"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201407-622"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2014-07-25T00:00:00",
        "db": "VULHUB",
        "id": "VHN-70166"
      },
      {
        "date": "2014-07-23T00:00:00",
        "db": "BID",
        "id": "68866"
      },
      {
        "date": "2014-07-29T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-003575"
      },
      {
        "date": "2014-07-25T19:55:03.847000",
        "db": "NVD",
        "id": "CVE-2014-2227"
      },
      {
        "date": "2014-07-28T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201407-622"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-06-10T00:00:00",
        "db": "VULHUB",
        "id": "VHN-70166"
      },
      {
        "date": "2014-07-23T00:00:00",
        "db": "BID",
        "id": "68866"
      },
      {
        "date": "2014-07-29T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-003575"
      },
      {
        "date": "2019-06-10T18:34:16.507000",
        "db": "NVD",
        "id": "CVE-2014-2227"
      },
      {
        "date": "2019-06-11T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201407-622"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201407-622"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Ubiquiti Networks UniFi Video Vulnerabilities bypassing same-origin policy in cross-domain policy for default flash",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-003575"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "permissions and access control issues",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201407-622"
      }
    ],
    "trust": 0.6
  }
}

