Improper Certificate Validation Vulnerability in UniFi Products
CVE-2024-29207

7.5HIGH

Key Information:

Vendor: Ubiquiti Inc
Status: Unifi Connect Application; Unifi Connect Ev Station; Unifi Connect Ev Station Pro; Unifi Connect Display
Vendor: CVE Published:; 7 May 2024

🔔 Create Ubiquiti Inc Vulnerability Alert

What is CVE-2024-29207?

An improper certificate validation vulnerability exists in various UniFi products, potentially allowing malicious actors with access to an adjacent network to gain unauthorized control over affected systems. This flaw emphasizes the importance of implementing proper validation mechanisms to safeguard sensitive operations and user data. Users are advised to upgrade to the recommended versions to mitigate the risk associated with this vulnerability.

Affected Version(s)

UniFi Connect Application 3.10.7

UniFi Connect Display 1.11.348

UniFi Connect Display Cast 1.8.255

References

https://community.ui.com/releases/Security-Advisory-bulle...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 7, 2024
Vulnerability Reserved
Mar 19, 2024