Description
A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in certain devices running UniFi OS to escalate privileges within such UniFi OS devices or instances.
CVSS breakdown
CVSS 3.1
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High
Affected products
- Ubiquiti Inc / EFG0 – 5.1.15
- Ubiquiti Inc / ENVR0 – 5.1.15
- Ubiquiti Inc / ENVR-Core0 – 5.1.15
- Ubiquiti Inc / Express0 – 4.0.15
- Ubiquiti Inc / Express 70 – 5.1.15
- Ubiquiti Inc / UCG-Fiber0 – 5.1.15
- Ubiquiti Inc / UCG-Industrial0 – 5.1.15
- Ubiquiti Inc / UCG-Max0 – 5.1.15
- Ubiquiti Inc / UCG-Ultra0 – 5.1.15
- Ubiquiti Inc / UCK0 – 5.1.15
- Ubiquiti Inc / UCK-Enterprise0 – 5.1.15
- Ubiquiti Inc / UCKP0 – 5.1.15
- Ubiquiti Inc / UDM0 – 5.1.15
- Ubiquiti Inc / UDM-Beast0 – 5.1.15
- Ubiquiti Inc / UDM-Pro0 – 5.1.15
- Ubiquiti Inc / UDM-Pro-Max0 – 5.1.15
- Ubiquiti Inc / UDM-SE0 – 5.1.15
- Ubiquiti Inc / UDR0 – 5.1.15
- Ubiquiti Inc / UDR-5G0 – 5.1.15
- Ubiquiti Inc / UDR70 – 5.1.15
- Ubiquiti Inc / UDW0 – 5.1.15
- Ubiquiti Inc / UNAS-20 – 5.1.16
- Ubiquiti Inc / UNAS-40 – 5.1.16
- Ubiquiti Inc / UNAS-Pro0 – 5.1.16
- Ubiquiti Inc / UNAS-Pro-40 – 5.1.16
- Ubiquiti Inc / UNAS-Pro-80 – 5.1.16
- Ubiquiti Inc / UniFi OS Server0 – 5.1.15
- Ubiquiti Inc / UNVR0 – 5.1.15
- Ubiquiti Inc / UNVR-G20 – 5.1.15
- Ubiquiti Inc / UNVR-G2-Pro0 – 5.1.15
- Ubiquiti Inc / UNVR-Instant0 – 5.1.15
- Ubiquiti Inc / UNVR-Pro0 – 5.1.15
Updated 6m ago · 2 sources