Misconfiguration in UniFi Network Affects UniFi OS 3.1 and Cloud Key Devices
CVE-2023-31997

9CRITICAL

Key Information:

Vendor

Ubiquiti Inc.

Status
Unifi Os
Vendor
CVE Published:
1 July 2023

What is CVE-2023-31997?

A misconfiguration issue exists in UniFi OS 3.1 that enables unauthorized access to MongoDB by users on the same local network. This affects certain Cloud Key models when hosting the UniFi Network application, specifically Cloud Key Gen2 and Cloud Key Gen2 Plus. Users should ensure that proper configurations are in place to prevent unauthorized access.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

UniFi OS 3.1.13

References

https://community.ui.com/releases/Security-Advisory-Bulle...

CVSS V3.1

Score:
9
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.