Privilege escalation in the client impersonation functionality
High
Ubiquiti Inc.
Team Summary
Official summary from Ubiquiti Inc.
In UCRM `2.3.0-beta4` and prior, as a consequence of a lack of validation in the `Client Impersonation` functionality, an attacker with access to a `Read-Only` account can escalate privileges to `Admin`. The vulnerability was fixed in UCRM `2.3.0`.
Reported by: twicedi
Report Details
Additional information and metadata
State: Closed
Substate: Resolved
Submitted
Weakness: Privilege Escalation