CVE-2016-6914

Published on: 12/27/2017 12:00:00 AM UTC

Last Modified on: 03/23/2021 11:27:11 PM UTC

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Certain versions of Windows from Microsoft contain the following vulnerability:

Ubiquiti UniFi Video before 3.8.0 for Windows uses weak permissions for the installation directory, which allows local users to gain SYSTEM privileges via a Trojan horse taskkill.exe file.

  • CVE-2016-6914 has been assigned by [email protected] to track the vulnerability - currently rated as HIGH severity.

CVSS3 Score: 7.8 - HIGH

Attack
Vector
Attack
Complexity
Privileges
Required
User
Interaction
LOCAL LOW LOW NONE
Scope Confidentiality
Impact
Integrity
Impact
Availability
Impact
UNCHANGED HIGH HIGH HIGH

CVSS2 Score: 7.2 - HIGH

Access
Vector
Access
Complexity
Authentication
LOCAL LOW NONE
Confidentiality
Impact
Integrity
Impact
Availability
Impact
COMPLETE COMPLETE COMPLETE

CVE References

Description Tags Link
Ubiquiti UniFi Video CVE-2016-6914 Local Privilege Escalation Vulnerability Third Party Advisory
VDB Entry
cve.report (archive)
text/html
URL Logo BID 102278
Ubiquiti UniFi Video 3.7.3 (Windows) Local Privilege Escalation ≈ Packet Storm Third Party Advisory
VDB Entry
packetstormsecurity.com
text/html
URL Logo MISC packetstormsecurity.com/files/145533/Ubiquiti-UniFi-Video-3.7.3-Windows-Local-Privilege-Escalation.html
HackerOne Issue Tracking
Third Party Advisory
hackerone.com
text/html
URL Logo MISC hackerone.com/reports/140793
Ubiquiti UniFi Video 3.7.3 - Local Privilege Escalation Third Party Advisory
VDB Entry
www.exploit-db.com
Proof of Concept
text/html
URL Logo EXPLOIT-DB 43390
Full Disclosure: [CVE-2016-6914] Ubiquiti UniFi Video v3.7.3 (Windows) Local Privileges Escalation via Insecure Directory Permissions Mailing List
Third Party Advisory
seclists.org
text/html
URL Logo FULLDISC 20171223 [CVE-2016-6914] Ubiquiti UniFi Video v3.7.3 (Windows) Local Privileges Escalation via Insecure Directory Permissions

Known Affected Configurations (CPE V2.3)

Type Vendor Product Version Update Edition Language
Operating
System
MicrosoftWindowsAllAllAllAll
Operating
System
MicrosoftWindowsAllAllAllAll
ApplicationUbntUnifi VideoAllAllAllAll
ApplicationUbntUnifi VideoAllAllAllAll
  • cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*:
  • cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*:
  • cpe:2.3:a:ubnt:unifi_video:*:*:*:*:*:*:*:*:
  • cpe:2.3:a:ubnt:unifi_video:*:*:*:*:*:*:*:*: