10
CVE-2023-41721
- EPSS 0.24%
- Veröffentlicht 25.10.2023 18:17:30
- Zuletzt bearbeitet 21.11.2024 08:21:32
- Quelle support@hackerone.com
- Teams Watchlist Login
- Unerledigt Login
Instances of UniFi Network Application that (i) are run on a UniFi Gateway Console, and (ii) are versions 7.5.176. and earlier, implement device adoption with improper access control logic, creating a risk of access to device configuration information by a malicious actor with preexisting access to the network. Affected Products: UDM UDM-PRO UDM-SE UDR UDW Mitigation: Update UniFi Network to Version 7.5.187 or later.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Ui ≫ Unifi Network Application Version <= 7.5.176
Ui ≫ Unifi Dream Machine Version-
Ui ≫ Unifi Dream Machine Pro Version-
Ui ≫ Unifi Dream Machine Special Edition Version-
Ui ≫ Unifi Dream Router Version-
Ui ≫ Unifi Dream Wall Version-
Ui ≫ Unifi Dream Machine Pro Version-
Ui ≫ Unifi Dream Machine Special Edition Version-
Ui ≫ Unifi Dream Router Version-
Ui ≫ Unifi Dream Wall Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.24% | 0.47 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
| support@hackerone.com | 10 | 3.9 | 6 |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
|
CWE-284 Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.