CVE-2019-25652
UniFi Network Controller Improper Certificate Validation Leading to Credential Theft via MITM
UniFi Network Controller before version 5.10.22 and 5.11.x before 5.11.18 contains an improper certificate verification vulnerability that allows adjacent network attackers to conduct man-in-the-middle attacks by presenting a false SSL certificate during SMTP connections. Attackers can intercept SMTP traffic and obtain credentials by exploiting the insecure SSL host verification mechanism in the SMTP certificate validation process.
CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Productos afectados
Ubiquiti · UniFi Network Controller¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →