UniFi Network Application Security Vulnerability Alert (Bulletin 036)
|Publication Date||October 23, 2023|
|Vulnerability Description||Improper access control in device adoption; risk of unauthorized access to device configuration|
|Affected UniFi Network Versions||Up to 7.5.176|
|Mitigation||Update to Version 7.5.187 or later|
|CVSS Base Score||10.0 Critical|
|CVE||CVE-2023-41721 (Mathew Marcus)|
Table of Contents
Instances of UniFi Network Application that (i) are run on a UniFi Gateway Console, and (ii) are versions 7.5.176. and earlier, implement device adoption with improper access control logic, creating a risk of access to device configuration information by a malicious actor with preexisting access to the network.
Customers of UniHosted are not affected by this vulnerability.