Improper Certificate Validation Vulnerability in UniFi Products
CVE-2024-29207
7.5 HIGH
Key Information:
- Vendor: Ubiquiti Inc
- Status
- UniFi Connect Application
- UniFi Connect EV Station
- UniFi Connect EV Station Pro
- UniFi Connect Display
- CVE Published: 7 May 2024
Summary
An improper certificate validation vulnerability exists in various UniFi products, potentially allowing malicious actors with access to an adjacent network to gain unauthorized control over affected systems. This flaw emphasizes the importance of implementing proper validation mechanisms to safeguard sensitive operations and user data. Users are advised to upgrade to the recommended versions to mitigate the risk associated with this vulnerability.
Affected Version(s)
UniFi Connect Application 3.10.7
UniFi Connect Display 1.11.348
UniFi Connect Display Cast 1.8.255
CVSS V3.1
Score: 7.5
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Adjacent Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved