CVE-2020-8188

Name: CVE-2020-8188
Creator: NVD / NIST
Published: 2020-07-02T19:15:12.823+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

HIGHCVSS 8.8/10EPSS 1.34%

Last modified Jun 17, 2026

CVE-2020-8188 is a high-severity vulnerability rated 8.8/10 on the CVSS scale. We have recently released new version of UniFi Protect firmware v1.13.3 and v1.14.10 for Unifi Cloud Key Gen2 Plus and UniFi Dream Machine Pro/UNVR respectively that fixes vulnerabilities found on Protect firmware v1.13.2, v1.14.9 and prior according to the description below:View only users can run certain custom commands which allows them to assign themselves unauthorized roles and escalate their privileges.. EPSS estimates a 1.34% chance of exploitation in the next 30 days.

Description

We have recently released new version of UniFi Protect firmware v1.13.3 and v1.14.10 for Unifi Cloud Key Gen2 Plus and UniFi Dream Machine Pro/UNVR respectively that fixes vulnerabilities found on Protect firmware v1.13.2, v1.14.9 and prior according to the description below:View only users can run certain custom commands which allows them to assign themselves unauthorized roles and escalate their privileges.

Metrics

CVSS 3.1

8.8/10

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Probability

1.34%

67.8th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

Vendor	Product	Versions
Ui	Unifi Protect Firmware	<= 1.13.2
Ui	Unifi Protect Firmware	<= 1.14.9

References

https://community.ui.com/releases/Security-advisory-bulletin-012-012/1bba9134-f888-4010-81c0-b0dd53b9bda4Vendor Advisory
https://community.ui.com/releases/UniFi-Protect-1-13-3/f4be7d35-93a3-422b-8eef-122e442c00baRelease Notes, Vendor Advisory
https://community.ui.com/releases/UniFi-Protect-1-14-10/48a8dbdd-b872-47fa-bbde-1d24ddf5d5b5Release Notes, Vendor Advisory
https://community.ui.com/releases/Security-advisory-bulletin-012-012/1bba9134-f888-4010-81c0-b0dd53b9bda4Vendor Advisory
https://community.ui.com/releases/UniFi-Protect-1-13-3/f4be7d35-93a3-422b-8eef-122e442c00baRelease Notes, Vendor Advisory
https://community.ui.com/releases/UniFi-Protect-1-14-10/48a8dbdd-b872-47fa-bbde-1d24ddf5d5b5Release Notes, Vendor Advisory

Timeline

Published: Jul 2, 2020
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2020-8188?

How severe is CVE-2020-8188?

CVE-2020-8188 has a CVSS score of 8.8/10 (HIGH severity). The EPSS model estimates a 1.34% probability of exploitation in the next 30 days.

How do I fix CVE-2020-8188?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2020-8188?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST