
    4 vulnerabilities by Ubiquiti Inc.

    CVE-2023-31997 (GCVE-0-2023-31997)

    Vulnerability from nvd – Published: 2023-06-30 23:39 – Updated: 2024-11-26 19:07
    Summary
    UniFi OS 3.1 introduces a misconfiguration on consoles running UniFi Network that allows users on a local network to access MongoDB. Applicable Cloud Keys that are both (1) running UniFi OS 3.1 and (2) hosting the UniFi Network application. "Applicable Cloud Keys" include the following: Cloud Key Gen2 and Cloud Key Gen2 Plus.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none; Automatable: no; Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-863 - Incorrect Authorization
    Assigner
    Impacted products
    Vendor | Product | Version
    Ubiquiti Inc. | UniFi OS | Affected: 3.1.13, ≤ 3.1.13 (semver)
    ubiquiti | unifi_os | Affected: 3.1, ≤ 3.1.13 (semver)
        cpe:2.3:a:ubiquiti:unifi_os:*:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T15:03:28.530Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://community.ui.com/releases/Security-Advisory-Bulletin-032-032/e57301f4-4f5e-4d9f-90bc-71f1923ed7a4"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:ubiquiti:unifi_os:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unifi_os",
                "vendor": "ubiquiti",
                "versions": [
                  {
                    "lessThanOrEqual": "3.1.13",
                    "status": "affected",
                    "version": "3.1",
                    "versionType": "semver"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-31997",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-26T19:03:26.624874Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-863",
                    "description": "CWE-863 Incorrect Authorization",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-26T19:07:26.989Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "UniFi OS",
              "vendor": "Ubiquiti Inc.",
              "versions": [
                {
                  "lessThanOrEqual": "3.1.13",
                  "status": "affected",
                  "version": "3.1.13",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "UniFi OS 3.1 introduces a misconfiguration on consoles running UniFi Network that allows users on a local network to access MongoDB. Applicable Cloud Keys that are both (1) running UniFi OS 3.1 and (2) hosting the UniFi Network application. \"Applicable Cloud Keys\" include the following: Cloud Key Gen2 and Cloud Key Gen2 Plus.\r\n\r\n"
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-06-30T23:39:29.425Z",
            "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
            "shortName": "hackerone"
          },
          "references": [
            {
              "url": "https://community.ui.com/releases/Security-Advisory-Bulletin-032-032/e57301f4-4f5e-4d9f-90bc-71f1923ed7a4"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "assignerShortName": "hackerone",
        "cveId": "CVE-2023-31997",
        "datePublished": "2023-06-30T23:39:29.425Z",
        "dateReserved": "2023-05-01T01:00:12.219Z",
        "dateUpdated": "2024-11-26T19:07:26.989Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-28365 (GCVE-0-2023-28365)

    Vulnerability from nvd – Published: 2023-06-30 23:40 – Updated: 2024-11-27 17:23
    Summary
    A backup file vulnerability found in UniFi applications (Version 7.3.83 and earlier) running on Linux operating systems allows application administrators to execute malicious commands on the host device being restored.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none; Automatable: no; Technical Impact: total
    CISA Coordinator (v2.0.3)
    Assigner
    Impacted products
    Vendor | Product | Version
    Ubiquiti Inc. | UniFi Network application | Affected: 7.3.83, ≤ 7.3.83 (semver)
    ubiquiti | unifi_network_application | Affected: 0, ≤ 7.3.83 (semver)
        cpe:2.3:a:ubiquiti:unifi_network_application:*:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T12:38:25.371Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://community.ui.com/releases/Security-Advisory-Bulletin-031-031/8c85fc64-e9a8-4082-9ec4-56b14effd545"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:ubiquiti:unifi_network_application:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "unifi_network_application",
                "vendor": "ubiquiti",
                "versions": [
                  {
                    "lessThanOrEqual": "7.3.83",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-28365",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-27T17:22:20.390330Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-27T17:23:23.036Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "UniFi Network application",
              "vendor": "Ubiquiti Inc.",
              "versions": [
                {
                  "lessThanOrEqual": "7.3.83",
                  "status": "affected",
                  "version": "7.3.83",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A backup file vulnerability found in UniFi applications (Version 7.3.83 and earlier) running on Linux operating systems allows application administrators to execute malicious commands on the host device being restored."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-06-30T23:40:13.388Z",
            "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
            "shortName": "hackerone"
          },
          "references": [
            {
              "url": "https://community.ui.com/releases/Security-Advisory-Bulletin-031-031/8c85fc64-e9a8-4082-9ec4-56b14effd545"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "assignerShortName": "hackerone",
        "cveId": "CVE-2023-28365",
        "datePublished": "2023-06-30T23:40:13.388Z",
        "dateReserved": "2023-03-15T01:00:13.221Z",
        "dateUpdated": "2024-11-27T17:23:23.036Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-28365 (GCVE-0-2023-28365)

    Vulnerability from cvelistv5 – Published: 2023-06-30 23:40 – Updated: 2024-11-27 17:23
    Summary
    A backup file vulnerability found in UniFi applications (Version 7.3.83 and earlier) running on Linux operating systems allows application administrators to execute malicious commands on the host device being restored.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none; Automatable: no; Technical Impact: total
    CISA Coordinator (v2.0.3)
    Assigner
    Impacted products
    Vendor | Product | Version
    Ubiquiti Inc. | UniFi Network application | Affected: 7.3.83, ≤ 7.3.83 (semver)
    ubiquiti | unifi_network_application | Affected: 0, ≤ 7.3.83 (semver)
        cpe:2.3:a:ubiquiti:unifi_network_application:*:*:*:*:*:*:*:*


    CVE-2023-31997 (GCVE-0-2023-31997)

    Vulnerability from cvelistv5 – Published: 2023-06-30 23:39 – Updated: 2024-11-26 19:07
    Summary
    UniFi OS 3.1 introduces a misconfiguration on consoles running UniFi Network that allows users on a local network to access MongoDB. Applicable Cloud Keys that are both (1) running UniFi OS 3.1 and (2) hosting the UniFi Network application. "Applicable Cloud Keys" include the following: Cloud Key Gen2 and Cloud Key Gen2 Plus.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none; Automatable: no; Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-863 - Incorrect Authorization
    Assigner
    Impacted products
    Vendor | Product | Version
    Ubiquiti Inc. | UniFi OS | Affected: 3.1.13, ≤ 3.1.13 (semver)
    ubiquiti | unifi_os | Affected: 3.1, ≤ 3.1.13 (semver)
        cpe:2.3:a:ubiquiti:unifi_os:*:*:*:*:*:*:*:*
