Description

Ubiquiti EdgeMAX devices before 2.0.3 allow remote attackers to cause a denial of service (disk consumption) because *.cache files in /var/run/beaker/container_file/ are created when providing a valid length payload of 249 characters or fewer to the beaker.session.id cookie in a GET header. The attacker can use a long series of unique session IDs.

INFO

Published Date :

Sept. 25, 2019, 8:15 p.m.

Last Modified :

Nov. 21, 2024, 4:31 a.m.

Remotely Exploitable :

Yes !

Impact Score :

3.6

Exploitability Score :

3.9
Public PoC/Exploit Available at Github

CVE-2019-16889 has a 5 public PoC/Exploit available at Github. Go to the Public Exploits tab to see the list.

Affected Products

The following products are affected by CVE-2019-16889 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product Action
1 Ui er-x_firmware
2 Ui er-x-sfp_firmware
3 Ui ep-r6_firmware
4 Ui erlite-3_firmware
5 Ui erpoe-5_firmware
6 Ui er-8_firmware
7 Ui erpro-8_firmware
8 Ui ep-r8_firmware
9 Ui er-4_firmware
10 Ui er-6p_firmware
11 Ui er-12_firmware
12 Ui er-8-xg_firmware
13 Ui er-x
14 Ui er-x-sfp
15 Ui erlite-3
16 Ui ep-r6
17 Ui erpoe-5
18 Ui er-8
19 Ui erpro-8
20 Ui ep-r8
21 Ui er-4
22 Ui er-6p
23 Ui er-12
24 Ui er-8-xg
References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2019-16889.

URL Resource
https://community.ui.com/releases/New-EdgeRouter-firmware-2-0-3-has-been-released-2-0-3/e8badd28-a112-4269-9fb6-ffe3fc0e1643 Patch Vendor Advisory
https://hackerone.com/reports/406614 Exploit Issue Tracking Third Party Advisory
https://mjlanders.com/2019/07/28/resource-consumption-dos-on-edgemax-v1-10-6/ Exploit Third Party Advisory
https://community.ui.com/releases/New-EdgeRouter-firmware-2-0-3-has-been-released-2-0-3/e8badd28-a112-4269-9fb6-ffe3fc0e1643 Patch Vendor Advisory
https://hackerone.com/reports/406614 Exploit Issue Tracking Third Party Advisory
https://mjlanders.com/2019/07/28/resource-consumption-dos-on-edgemax-v1-10-6/ Exploit Third Party Advisory

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

None

Updated: 2 months, 2 weeks ago
34 stars 3 fork 3 watcher
Born at : March 12, 2021, 12:22 p.m. This repo has been linked 1063 different CVEs too.

None

Updated: 3 months ago
19 stars 10 fork 10 watcher
Born at : Jan. 2, 2021, 10:19 p.m. This repo has been linked 1052 different CVEs too.

None

Updated: 4 weeks ago
86 stars 33 fork 33 watcher
Born at : Oct. 2, 2020, 2:49 p.m. This repo has been linked 1113 different CVEs too.

Cookie resource consumption testing tool.

Python

Updated: 2 years, 6 months ago
1 stars 0 fork 0 watcher
Born at : Dec. 22, 2019, 8:12 p.m. This repo has been linked 1 different CVEs too.

Proof of conecept for CVE-2019-16889 (Resource consumption on Ubiquiti Edgemax 1.10.6 and earlier

Python

Updated: 6 months, 4 weeks ago
0 stars 0 fork 0 watcher
Born at : Dec. 9, 2019, 12:09 a.m. This repo has been linked 1 different CVEs too.

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2019-16889 vulnerability anywhere in the article.

The following table lists the changes that have been made to the CVE-2019-16889 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • CVE Modified by af854a3a-2127-422b-91ae-364da2661108

    Nov. 21, 2024

    Action Type Old Value New Value
    Added Reference https://community.ui.com/releases/New-EdgeRouter-firmware-2-0-3-has-been-released-2-0-3/e8badd28-a112-4269-9fb6-ffe3fc0e1643
    Added Reference https://hackerone.com/reports/406614
    Added Reference https://mjlanders.com/2019/07/28/resource-consumption-dos-on-edgemax-v1-10-6/
  • CVE Modified by [email protected]

    May. 14, 2024

    Action Type Old Value New Value
  • CWE Remap by [email protected]

    Aug. 24, 2020

    Action Type Old Value New Value
    Changed CWE CWE-400 CWE-770
  • Initial Analysis by [email protected]

    Oct. 01, 2019

    Action Type Old Value New Value
    Added CVSS V2 NIST (AV:N/AC:L/Au:N/C:N/I:N/A:C)
    Added CVSS V3.1 NIST AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
    Changed Reference Type https://community.ui.com/releases/New-EdgeRouter-firmware-2-0-3-has-been-released-2-0-3/e8badd28-a112-4269-9fb6-ffe3fc0e1643 No Types Assigned https://community.ui.com/releases/New-EdgeRouter-firmware-2-0-3-has-been-released-2-0-3/e8badd28-a112-4269-9fb6-ffe3fc0e1643 Patch, Vendor Advisory
    Changed Reference Type https://hackerone.com/reports/406614 No Types Assigned https://hackerone.com/reports/406614 Exploit, Issue Tracking, Third Party Advisory
    Changed Reference Type https://mjlanders.com/2019/07/28/resource-consumption-dos-on-edgemax-v1-10-6/ No Types Assigned https://mjlanders.com/2019/07/28/resource-consumption-dos-on-edgemax-v1-10-6/ Exploit, Third Party Advisory
    Added CWE CWE-400
    Added CPE Configuration AND OR *cpe:2.3:o:ui:er-x_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 2.0.3 OR cpe:2.3:h:ui:er-x:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:ui:er-x-sfp_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 2.0.3 OR cpe:2.3:h:ui:er-x-sfp:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:ui:ep-r6_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 2.0.3 OR cpe:2.3:h:ui:ep-r6:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:ui:erlite-3_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 2.0.3 OR cpe:2.3:h:ui:erlite-3:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:ui:erpoe-5_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 2.0.3 OR cpe:2.3:h:ui:erpoe-5:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:ui:er-8_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 2.0.3 OR cpe:2.3:h:ui:er-8:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:ui:erpro-8_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 2.0.3 OR cpe:2.3:h:ui:erpro-8:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:ui:ep-r8_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 2.0.3 OR cpe:2.3:h:ui:ep-r8:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:ui:er-4_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 2.0.3 OR cpe:2.3:h:ui:er-4:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:ui:er-6p_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 2.0.3 OR cpe:2.3:h:ui:er-6p:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:ui:er-12_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 2.0.3 OR cpe:2.3:h:ui:er-12:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:ui:er-8-xg_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 2.0.3 OR cpe:2.3:h:ui:er-8-xg:-:*:*:*:*:*:*:*
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2019-16889 is associated with the following CWEs:

Exploit Prediction

EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days.

0.72 }} -0.02%

score

0.80423

percentile

CVSS31 - Vulnerability Scoring System
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability