Instances of UniFi Network Application that (i) are run on a UniFi Gateway Console, and (ii) are versions 7.5.176. and earlier, implement device adoption with improper access control logic, creating a risk of access to device configuration information by a malicious actor with preexisting access to the network.
Affected Products:
UDM
UDM-PRO
UDM-SE
UDR
UDW
Mitigation:
Update UniFi Network to Version 7.5.187 or later.
References
| Link | Resource |
|---|---|
| https://community.ui.com/releases/Security-Advisory-Bulletin-036-036/81367bc9-2a64-4435-95dc-bbe482457615 | Issue Tracking Vendor Advisory |
Configurations
Configuration 1 (hide)
| AND |
|
History
31 Oct 2023, 20:02
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:h:ui:unifi_dream_router:-:*:*:*:*:*:*:* cpe:2.3:h:ui:unifi_dream_machine:-:*:*:*:*:*:*:* cpe:2.3:h:ui:unifi_dream_machine_special_edition:-:*:*:*:*:*:*:* cpe:2.3:h:ui:unifi_dream_wall:-:*:*:*:*:*:*:* cpe:2.3:a:ui:unifi_network_application:*:*:*:*:*:*:*:* cpe:2.3:h:ui:unifi_dream_machine_pro:-:*:*:*:*:*:*:* |
|
| First Time |
Ui unifi Dream Machine Pro
Ui Ui unifi Dream Machine Ui unifi Dream Wall Ui unifi Network Application Ui unifi Dream Machine Special Edition Ui unifi Dream Router |
|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.3 |
| CWE | NVD-CWE-noinfo | |
| References | (MISC) https://community.ui.com/releases/Security-Advisory-Bulletin-036-036/81367bc9-2a64-4435-95dc-bbe482457615 - Issue Tracking, Vendor Advisory |
25 Oct 2023, 18:17
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2023-10-25 18:17
Updated : 2024-09-10 21:35
NVD link : CVE-2023-41721
Mitre link : CVE-2023-41721
JSON object : View
Products Affected
ui
- unifi_dream_machine
- unifi_dream_machine_pro
- unifi_dream_machine_special_edition
- unifi_network_application
- unifi_dream_router
- unifi_dream_wall
CWE