CVE-2019-5456

8.1 HIGH

📋 TL;DR

CVE-2019-5456 is an SMTP man-in-the-middle vulnerability in UniFi Controller software that allows attackers to intercept SMTP credentials by proxying traffic between the controller and SMTP server. This affects UniFi Controller versions 5.10.21 and earlier. Attackers can capture authentication credentials for malicious use.

💻 Affected Systems

Products:
  • Ubiquiti UniFi Controller
Versions: <= 5.10.21
Operating Systems: All supported platforms
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerable when SMTP is configured for email notifications. All deployments using affected versions are vulnerable if SMTP is enabled.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers gain SMTP credentials, potentially enabling email spoofing, phishing campaigns, credential reuse attacks, and unauthorized access to email services.

🟠 Likely Case

SMTP credentials are captured and used for spam campaigns, credential stuffing attacks, or lateral movement within the network.

🟢 If Mitigated

With proper network segmentation and monitoring, impact is limited to credential exposure requiring rotation and investigation.

🌐 Internet-Facing: MEDIUM - Requires attacker to position themselves between controller and SMTP server, which is more feasible if either component is internet-facing.
🏢 Internal Only: MEDIUM - Internal attackers or compromised systems could still intercept traffic within the network.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires network position between controller and SMTP server. Public proof-of-concept demonstrates credential interception.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 5.10.22 and later

Vendor Advisory: https://community.ui.com/releases/Security-Advisory-Bulletin-003-003/982bbaa8-2a07-4f81-a5f6-0bb84753f391

Restart Required: Yes

Instructions:

1. Download UniFi Controller version 5.10.22 or later from Ubiquiti.
2. Stop the UniFi Controller service.
3. Install the updated version.
4. Restart the UniFi Controller service.
5. Verify the update completed successfully.

🔧 Temporary Workarounds

Disable SMTP notifications (platforms: all)

Temporarily disable SMTP email notifications in UniFi Controller settings

Use SMTP with TLS (platforms: all)

Configure SMTP to use TLS encryption for all communications

🧯 If You Can't Patch

  • Implement network segmentation to isolate UniFi Controller from potential MITM positions
  • Monitor network traffic between controller and SMTP server for anomalies

🔍 How to Verify

Check if Vulnerable:

Check UniFi Controller version in web interface under Settings > Controller > Controller Information

Check Version:

On Linux, run dpkg -l | grep unifi, or check the version in the web interface

Verify Fix Applied:

Verify version is 5.10.22 or higher and test SMTP functionality
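
The version check above as a script. This is an added example, not Ubiquiti's or this page's code: it reads dpkg -l output and compares the installed unifi package against 5.10.22. The function names and the sample line (including its build suffix) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not vendor code). Classifies a host from `dpkg -l` output.
FIXED_VERSION="5.10.22"   # first fixed release, per this page

# Print the upstream version of an installed "unifi" package (stdin: dpkg -l).
unifi_version_from_dpkg() {
    awk '{
        name = $2; sub(/:.*/, "", name)            # drop ":arch" qualifier
        if (substr($1, 2, 1) == "i" && name == "unifi") {
            v = $3
            sub(/^[0-9]+:/, "", v)                 # drop Debian epoch
            sub(/[-~+].*$/, "", v)                 # drop build/revision suffix
            print v; exit
        }
    }'
}

# Succeed if dotted version $1 >= $2, comparing fields numerically
# (so 5.9.x sorts below 5.10.x, which a string compare gets wrong).
version_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "."); nb = split(b, y, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            xi = (i <= na) ? x[i] + 0 : 0
            yi = (i <= nb) ? y[i] + 0 : 0
            if (xi > yi) exit 0
            if (xi < yi) exit 1
        }
        exit 0
    }'
}

# Print "VULNERABLE <ver>", "PATCHED <ver>" or "NOT_INSTALLED" (stdin: dpkg -l).
check_unifi() {
    ver=$(unifi_version_from_dpkg)
    if [ -z "$ver" ]; then
        echo "NOT_INSTALLED"
    elif version_ge "$ver" "$FIXED_VERSION"; then
        echo "PATCHED $ver"
    else
        echo "VULNERABLE $ver"
    fi
}

# Constructed sample line; on a real host use: dpkg -l | check_unifi
SAMPLE='ii  unifi  5.10.21-11661-1  all  Ubiquiti UniFi server'
printf '%s\n' "$SAMPLE" | check_unifi
```

A package in the removed-but-configured state (rc) is reported as NOT_INSTALLED, since only the installed status is matched.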

📡 Detection & Monitoring

Log Indicators:

  • Unusual SMTP connection attempts
  • Failed SMTP authentication from unexpected sources

Network Indicators:

  • Unexpected devices routing SMTP traffic
  • SMTP traffic not using expected encryption

SIEM Query:

source="unifi-controller" AND (event_type="smtp_error" OR event_type="auth_failure")
