cvebase

Ui Unifi Network Application vulnerabilities

4 known vulnerabilities affecting ui/unifi_network_application.

Total CVEs: 4
CISA KEV: 0
Public exploits: 0
Exploited in wild: 1
Severity breakdown: CRITICAL 1, HIGH 1, MEDIUM 2

Vulnerabilities

CVE-2023-28365 | P2 | CRITICAL | CVSS 9.1 | Exploited | fixed in 7.4.156 | 2023-07-01
CVE-2023-28365 [CRITICAL] CWE-77: A backup file vulnerability found in UniFi applications (Version 7.3.83 and earlier) running on Linux operating systems allows application administrators to execute malicious commands on the host device being restored.
nvd
CVE-2024-42025 | P3 | HIGH | CVSS 7.8 | fixed in 8.4.59 | 2024-09-13
CVE-2024-42025 [HIGH] CWE-77: A Command Injection vulnerability found in a Self-Hosted UniFi Network Servers (Linux) with UniFi Network Application (Version 8.3.32 and earlier) allows a malicious actor with unifi user shell access to escalate privileges to root on the host device.
nvd
CVE-2023-41721 | P4 | MEDIUM | CVSS 5.3 | ≤ 7.5.176 | 2023-10-25
CVE-2023-41721 [MEDIUM] CWE-284: Instances of UniFi Network Application that (i) are run on a UniFi Gateway Console, and (ii) are versions 7.5.176 and earlier, implement device adoption with improper access control logic, creating a risk of access to device configuration information by a malicious actor with preexisting access to the network. Affected Products: UDM, UDM-PRO, UDM-SE
nvd
CVE-2023-32000 | P4 | MEDIUM | CVSS 4.8 | ≤ 7.3.83 | 2023-07-08
CVE-2023-32000 [MEDIUM] CWE-79: A Cross-Site Scripting (XSS) vulnerability found in UniFi Network (Version 7.3.83 and earlier) allows a malicious actor with Site Administrator credentials to escalate privileges by persuading an Administrator to visit a malicious web page.
nvd