Misconfiguration in UniFi Network Affects UniFi OS 3.1 and Cloud Key Devices
CVE-2023-31997

9CRITICAL

Key Information:

Vendor: Ubiquiti Inc.
Status: Unifi Os
Vendor: CVE Published:; 1 July 2023

🔔 Create Ubiquiti Inc. Vulnerability Alert

What is CVE-2023-31997?

A misconfiguration issue exists in UniFi OS 3.1 that enables unauthorized access to MongoDB by users on the same local network. This affects certain Cloud Key models when hosting the UniFi Network application, specifically Cloud Key Gen2 and Cloud Key Gen2 Plus. Users should ensure that proper configurations are in place to prevent unauthorized access.

Affected Version(s)

UniFi OS 3.1.13

References

https://community.ui.com/releases/Security-Advisory-Bulle...

CVSS V3.1

Score:

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 1, 2023
Vulnerability Reserved
May 1, 2023