CVE-2014-2227 in UniFi Videoinfo

Summary

The default Flash cross-domain policy (crossdomain.xml) in Ubiquiti Networks UniFi Video (formerly AirVision aka AirVision Controller) before 3.0.1 does not restrict access to the application, which allows remote attackers to bypass the Same Origin Policy via a crafted SWF file.

Be aware that VulDB is the high quality source for vulnerability data.

Reservation

02/26/2014

Disclosure

07/25/2014

Moderation

VulDB entry created

Entries

1: VDB-70450

CPE

ready

CWE

CWE-264 (Confirmed)

Exploit

Download

CVSS

6.3

EPSS

0.01510

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2014-2227
NVD	https://nvd.nist.gov/vuln/detail/CVE-2014-2227
CVE Details	https://www.cvedetails.com/cve/CVE-2014-2227/

◂ Previous Overview Next ▸

Want to know what is going to be exploited?

We predict KEV entries!