One Article Review
| Source |  Network World |
|---|---|
| Identifiant | 339327 |
| Date de publication | 2017-03-16 13:18:50 (vue: 2017-03-16 13:18:50) |
| Titre | Unpatched vulnerability puts Ubiquiti networking products at risk |
| Texte | An unpatched command injection vulnerability could allow hackers to take over enterprise networking products from Ubiquiti Networks.The vulnerability was discovered by researchers from SEC Consult and allows authenticated users to inject arbitrary commands into the web-based administration interface of affected devices. These commands would be executed on the underlying operating system as root, the highest privileged account.Because it requires authentication, the vulnerability's impact is somewhat reduced, but it can still be exploited remotely through cross-site request forgery (CSRF). This is an attack technique that involves forcing a user's browser to send unauthorized requests to specifically crafted URLs in the background when they visit attacker-controlled websites.To read this article in full or to leave a comment, please click here |
| Envoyé | Oui |
| Condensat | account administration affected allow allows arbitrary article attack attacker authenticated authentication background based because browser but can click command commands comment consult controlled could crafted cross csrf devices discovered enterprise executed exploited forcing forgery from full hackers here highest impact inject injection interface involves leave networking networks operating over please privileged products puts read reduced remotely request requests requires researchers risk root sec send site somewhat specifically system take technique these through ubiquiti unauthorized underlying unpatched urls user users visit vulnerability web websites when would |
| Tags | |
| Stories | |
| Notes | |
| Move | 
|
L'article ne semble pas avoir été repris aprés sa publication.
L'article ne semble pas avoir été repris sur un précédent.