UniFi Network Application Security Vulnerability Alert (Bulletin 036)

Published onOctober 24, 2023

#security#unifi
Attribute Details
Publication Date October 23, 2023
Bulletin Version 1.0
Revision 1.0
Vulnerability Description Improper access control in device adoption; risk of unauthorized access to device configuration
Affected UniFi Network Versions Up to 7.5.176
Mitigation Update to Version 7.5.187 or later
CVSS Base Score 10.0 Critical
CVE CVE-2023-41721 (Mathew Marcus)
Reference Link https://community.ui.com/releases/UniFi-Network-Application-7-5-187/408b64c5-a485-4a37-843c-31e87140be64

Affected Products:

  • UDM
  • UDM-PRO
  • UDM-SE
  • UDR
  • UDW

Table of Contents

Summary

Instances of UniFi Network Application that (i) are run on a UniFi Gateway Console, and (ii) are versions 7.5.176. and earlier, implement device adoption with improper access control logic, creating a risk of access to device configuration information by a malicious actor with preexisting access to the network.

Customers of UniHosted are not affected by this vulnerability.

Ready to connect your first device?

Start managing your UniFi network today.

Start for free