UniFi Network Application Security Vulnerability Alert (Bulletin 036)
| Attribute | Details |
|---|---|
| Publication Date | October 23, 2023 |
| Bulletin Version | 1.0 |
| Revision | 1.0 |
| Vulnerability Description | Improper access control in device adoption; risk of unauthorized access to device configuration |
| Affected UniFi Network Versions | Up to 7.5.176 |
| Mitigation | Update to Version 7.5.187 or later |
| CVSS Base Score | 10.0 Critical |
| CVE | CVE-2023-41721 (Mathew Marcus) |
| Reference Link | https://community.ui.com/releases/UniFi-Network-Application-7-5-187/408b64c5-a485-4a37-843c-31e87140be64 |
Affected Products:
- UDM
- UDM-PRO
- UDM-SE
- UDR
- UDW
Summary
Instances of UniFi Network Application that (i) are run on a UniFi Gateway Console, and (ii) are versions 7.5.176. and earlier, implement device adoption with improper access control logic, creating a risk of access to device configuration information by a malicious actor with preexisting access to the network.
Customers of UniHosted are not affected by this vulnerability.
UniHosted
At UniHosted, we stay on top and take care of issues like this (if it affects our users).
If you are looking for a hands-off approach with flexibility and scalability included, you might want to give UniHosted a spin.
We let you control your UniFi networks without the hassle. It’s free to use and takes care of applying updates and maintenance, to ensure your networks run securely.
We host UniFi Controllers in the Cloud
Are you ready to take your UniFi Network to the next level? Deploy a UniFi Cloud Controller in minutes and manage your network from anywhere.
Free tier available
Get the best support
Join 1276+ customers
No credit card required