{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-28T21:49:29.746","vulnerabilities":[{"cve":{"id":"CVE-2020-8146","sourceIdentifier":"support@hackerone.com","published":"2020-04-01T23:15:13.953","lastModified":"2026-06-17T03:25:56.403","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In UniFi Video v3.10.1 (for Windows 7/8/10 x64) there is a Local Privileges Escalation to SYSTEM from arbitrary file deletion and DLL hijack vulnerabilities. The issue was fixed by adjusting the .tsExport folder when the controller is running on Windows and adjusting the SafeDllSearchMode in the windows registry when installing UniFi-Video controller. Affected Products: UniFi Video Controller v3.10.2 (for Windows 7/8/10 x64) and prior. Fixed in UniFi Video Controller v3.10.3 and newer."},{"lang":"es","value":"En UniFi Video versión v3.10.1 (para Windows 7/8/10 x64), se presenta una Escalada de Privilegios Locales a SYSTEM a partir de la eliminación arbitraria de archivos y vulnerabilidades de secuestro de DLL. El problema se corrigió al ajustar la carpeta .tsExport cuando el controlador es ejecutado en Windows y ajustando el SafeDllSearchMode en el registro de Windows cuando se instala el controlador de UniFi-Video. Productos afectados: UniFi Video Controller versión v3.10.2 (para Windows 7/8/10 x64) y anteriores. Corregido en UniFi Video Controller versión v3.10.3 y más recientes."}],"affected":[{"source":"support@hackerone.com","affectedData":[{"vendor":"n/a","product":"UniFi Video Controller (for Windows 7/8/10 x64)","versions":[{"version":"v3.10.2 and prior are affected","status":"affected"},{"version":"Fixed in v3.10.3 and newer","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:M/Au:N/C:C/I:C/A:C","baseScore":6.9,"accessVector":"LOCAL","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"MEDIUM","exploitabilityScore":3.4,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-427"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ui:unifi_video:*:*:*:*:*:*:*:*","versionEndIncluding":"3.10.2","matchCriteriaId":"47F29A32-3C82-4D34-A4E5-4251120B45E4"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","matchCriteriaId":"A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]}],"references":[{"url":"https://community.ui.com/releases/Security-advisory-bulletin-006-006/3cf6264e-e0e6-4e26-a331-1d271f84673e","source":"support@hackerone.com","tags":["Vendor Advisory"]},{"url":"https://community.ui.com/releases/Security-advisory-bulletin-006-006/3cf6264e-e0e6-4e26-a331-1d271f84673e","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}