UniFi Network Application Security Vulnerability Alert (Bulletin 036)
Attribute | Details |
---|---|
Publication Date | October 23, 2023 |
Bulletin Version | 1.0 |
Revision | 1.0 |
Vulnerability Description | Improper access control in device adoption; risk of unauthorized access to device configuration |
Affected UniFi Network Versions | Up to 7.5.176 |
Mitigation | Update to Version 7.5.187 or later |
CVSS Base Score | 10.0 Critical |
CVE | CVE-2023-41721 (Mathew Marcus) |
Reference Link | https://community.ui.com/releases/UniFi-Network-Application-7-5-187/408b64c5-a485-4a37-843c-31e87140be64 |
Affected Products:
- UDM
- UDM-PRO
- UDM-SE
- UDR
- UDW
Summary
Instances of UniFi Network Application that (i) run on a UniFi Gateway Console and (ii) are version 7.5.176 or earlier implement device adoption with improper access control logic, creating a risk that a malicious actor with preexisting access to the network can access device configuration information.
Customers of UniHosted are not affected by this vulnerability.
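The scope conditions above can be checked against a console inventory. The following is an added example, not code from Ubiquiti or from this bulletin: the CSV column names, hostnames and sample versions are constructed, and treating builds between 7.5.176 and 7.5.187 as needing the update is an assumption of the example.

```python
import csv
import io

# Values taken from the bulletin.
LAST_AFFECTED = (7, 5, 176)
FIRST_FIXED = (7, 5, 187)
GATEWAY_CONSOLES = {"UDM", "UDM-PRO", "UDM-SE", "UDR", "UDW"}

# Constructed sample inventory (hypothetical hostnames and column names).
SAMPLE_INVENTORY = """host,model,network_version
gw-hq,UDM-PRO,7.5.176
gw-branch1,UDR,7.4.162
gw-branch2,UDM-SE,7.5.187
gw-lab,UDM,7.5.180
ctrl-vm,self-hosted,7.5.176
gw-old,udw,7.5.9
"""

def parse_version(text):
    """Turn '7.5.176' into (7, 5, 176) so comparison is numeric, not lexical."""
    parts = text.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p) for p in parts)

def classify(model, version_text):
    """Return 'not-in-scope', 'affected', 'fixed' or 'update-recommended'."""
    if model.strip().upper() not in GATEWAY_CONSOLES:
        return "not-in-scope"  # bulletin covers Gateway Console installs only
    version = parse_version(version_text)
    if version <= LAST_AFFECTED:
        return "affected"
    if version >= FIRST_FIXED:
        return "fixed"
    # Builds between 7.5.176 and 7.5.187 are not classified by the bulletin;
    # flagging them for update is this example's assumption.
    return "update-recommended"

def triage(inventory_csv):
    """Map each host in the CSV inventory to its classification."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return {r["host"]: classify(r["model"], r["network_version"]) for r in rows}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host:12} {status}")
```

Versions are compared as integer tuples because a string comparison would rank 7.5.9 above 7.5.176 and miss an affected console.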