Is CVE-2019-16889 actively exploited?

CVE-2019-16889 has no public evidence of in-the-wild exploitation as of 2024-11-21.

What is the CVSS score for CVE-2019-16889?

CVE-2019-16889 has a CVSS score of 7.5 (HIGH severity). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H.

How do I patch CVE-2019-16889?

Patch guidance is available from ui security advisories. CVEDatabase generates AI-assisted remediation guidance on demand for CVE-2019-16889.

Fix CVE-2019-16889 - HIGH ui er-x firmware

Q: Which products are affected by CVE-2019-16889?

12 products: ui er-x firmware, ui er-x-sfp firmware, ui ep-r6 firmware, ui erlite-3 firmware, ui erpoe-5 firmware, and 7 more.

Description

Ubiquiti EdgeMAX devices before 2.0.3 allow remote attackers to cause a denial of service (disk consumption) because *.cache files in /var/run/beaker/container_file/ are created when providing a valid length payload of 249 characters or fewer to the beaker.session.id cookie in a GET header. The attacker can use a long series of unique session IDs.

CVSS Metrics

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector: network
Complexity: low
Privileges: none
User Action: none
Scope: unchanged
Confidentiality: none
Integrity: none
Availability: high
Weaknesses: CWE-770

Metadata

Primary Vendor: UI
Published: 9/25/2019
Last Modified: 11/21/2024
Source: NIST NVD
Note: Verify all details with official vendor sources before applying patches.

Affected Products

ui : er-x_firmwareui : er-x-sfp_firmwareui : ep-r6_firmwareui : erlite-3_firmwareui : erpoe-5_firmwareui : er-8_firmwareui : erpro-8_firmwareui : ep-r8_firmwareui : er-4_firmwareui : er-6p_firmwareui : er-12_firmwareui : er-8-xg_firmware

Remediation Guidance

Executive Summary

View on NIST NVD