Arbitrary File Read Vulnerability in Ubiquiti UCRM Versions 2.3.0 to 2.7.7

Arbitrary File Read Vulnerability in Ubiquiti UCRM Versions 2.3.0 to 2.7.7

CVE-2017-0913 · LOW Severity

AV:L/AC:M/AU:N/C:P/I:N/A:N

Ubiquiti UCRM versions 2.3.0 to 2.7.7 allow an authenticated user to read arbitrary files in the local file system. Note that by default, the local file system is isolated in a docker container. Successful exploitation requires valid credentials to an account with "Edit" access to "System Customization".

Learn more about our Cis Benchmark Audit For Docker.