CVE-2020-24755
📋 TL;DR
CVE-2020-24755 is a DLL hijacking vulnerability in Ubiquiti UniFi Video software that allows attackers to execute arbitrary code by placing malicious DLL files in the application's current directory. This affects Windows systems running UniFi Video v3.10.13. Attackers can gain SYSTEM-level privileges on compromised systems.
💻 Affected Systems
- Ubiquiti UniFi Video
⚠️ Risk & Real-World Impact
Worst Case
Full system compromise with SYSTEM privileges, allowing installation of persistent malware, credential theft, and lateral movement within the network.
Likely Case
Local privilege escalation leading to complete control of the UniFi Video server, potentially compromising video surveillance data and network infrastructure.
If Mitigated
Limited impact if proper file permissions and directory restrictions are enforced, though the vulnerability still exists.
🎯 Exploit Status
Exploitation requires local access to place malicious DLL file. Proof-of-concept demonstrated in public videos.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: v3.10.14 or later
Vendor Advisory: https://community.ui.com/releases/UniFi-Video-3-10-14/48a3d5f5-91e7-4e6c-8e8c-4af4d6c7c5b5
Restart Required: Yes
Instructions:
1. Download UniFi Video v3.10.14 or later from the Ubiquiti website.
2. Stop the UniFi Video service.
3. Run the installer.
4. Restart the system.
🔧 Temporary Workarounds
Restrict directory permissions
Windows: Set strict file permissions on the UniFi Video installation directory to prevent unauthorized DLL placement (adjust the path if the product is installed elsewhere). The original command ended the quoted path with a backslash, which the Windows command-line parser treats as an escaped quote; the trailing backslash is dropped here:
icacls "C:\Program Files\Ubiquiti UniFi Video" /deny Users:(OI)(CI)W
Run from protected directory
Windows: Install and run UniFi Video from a directory with restricted write permissions.
🧯 If You Can't Patch
- Implement strict file system permissions on UniFi Video installation directory
- Monitor for unauthorized DLL files in application directories and restrict user access
🔍 How to Verify
Check if Vulnerable:
Check if UniFi Video version is 3.10.13 by opening the application and viewing the version in the interface or checking the installation directory properties.
Check Version:
wmic product where name="Ubiquiti UniFi Video" get version
(The product name must match the installed name exactly. wmic is deprecated on current Windows releases; the DisplayVersion value under the Uninstall registry keys reports the same version.)
Verify Fix Applied:
Verify that the UniFi Video version is 3.10.14 or later. To confirm the permission workaround, attempt to create a file in the application directory from a standard (non-administrator) account; the write should be denied if the restrictive permissions are in place.
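The following PowerShell audit combines the version check, the directory-permission check from the workaround section, and a DLL inventory of the install tree. It is an added example, not part of this advisory or of Ubiquiti's software; it assumes the default install path used in the workaround above and a DisplayVersion of the form x.y.z in the Uninstall registry key.

```powershell
# Added audit script (not from the advisory or from Ubiquiti). Assumptions: the default
# install path used in the workaround above, and a DisplayVersion of the form x.y.z in
# the Uninstall registry key. Run from an elevated PowerShell on the UniFi Video host.
$InstallDir   = 'C:\Program Files\Ubiquiti UniFi Video'   # assumed default path
$FixedVersion = [version]'3.10.14'
# Principals that must never be able to create or replace files in the install tree.
$LowPriv = @('BUILTIN\Users', 'NT AUTHORITY\Authenticated Users', 'Everyone',
             'NT AUTHORITY\INTERACTIVE')
# Rights that let a caller plant or swap a DLL (Modify/FullControl include these bits).
$PlantMask = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'

# 1. Installed version, read from the Uninstall keys instead of the deprecated wmic.
$keys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
$app = Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue |
       Where-Object { $_.DisplayName -like 'Ubiquiti UniFi Video*' } | Select-Object -First 1
if ($app -and $app.DisplayVersion -match '^\d+\.\d+\.\d+') {
    $installed = [version]$Matches[0]
    $state = if ($installed -ge $FixedVersion) { 'patched' } else { 'VULNERABLE to CVE-2020-24755' }
    Write-Host "UniFi Video $installed - $state"
} else {
    Write-Host 'UniFi Video not found in the Uninstall registry keys.'
}

# 2. Directory ACLs: flag Allow ACEs that give a low-privileged principal planting rights.
#    Generic rights (GENERIC_ALL etc.) are not expanded here; review such ACEs by hand.
$dirs = @($InstallDir) + (Get-ChildItem -LiteralPath $InstallDir -Directory -Recurse -ErrorAction SilentlyContinue).FullName
foreach ($dir in $dirs) {
    foreach ($ace in (Get-Acl -LiteralPath $dir).Access) {
        if ($ace.AccessControlType -eq 'Allow' -and
            $LowPriv -contains $ace.IdentityReference.Value -and
            (([int64]$ace.FileSystemRights) -band ([int64]$PlantMask)) -ne 0) {
            Write-Warning "$dir grants $($ace.FileSystemRights) to $($ace.IdentityReference)"
        }
    }
}

# 3. DLL inventory: DLLs without a valid Authenticode signature, with creation time, for
#    comparison against a known-good install (the product bundles third-party DLLs, so an
#    unsigned hit is a lead to check against the baseline, not proof of tampering).
Get-ChildItem -LiteralPath $InstallDir -Filter *.dll -Recurse -File -ErrorAction SilentlyContinue |
    ForEach-Object {
        $sig = Get-AuthenticodeSignature -FilePath $_.FullName
        [pscustomobject]@{
            Path    = $_.FullName
            Created = $_.CreationTime
            Status  = $sig.Status
            Signer  = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(none)' }
        }
    } | Where-Object { $_.Status -ne 'Valid' } | Format-Table -AutoSize
```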
📡 Detection & Monitoring
Log Indicators:
- Failed DLL loading attempts
- Unusual process execution from UniFi Video directory
- File creation events in UniFi Video installation path
Network Indicators:
- Unusual outbound connections from UniFi Video process
- Beaconing behavior from compromised system
SIEM Query:
source="windows" AND ((event_id=4688 AND process_name="*UniFi Video*" AND parent_process_name!="services.exe") OR (event_id=4663 AND object_name="*UniFi Video*\*.dll"))
The original query left the OR unparenthesized, so the source filter applied only to the first clause; the grouping above applies it to both. Event 4663 is only generated when Object Access auditing is enabled and a SACL for file writes is set on the installation directory, and the parent process field of event 4688 requires command-line/creator process auditing on Windows 10 / Server 2016 or later.