Unifi Network Application
CVE-2023-41721
MEDIUM
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Lifecycle Timeline
1DescriptionNVD
Instances of UniFi Network Application that (i) are run on a UniFi Gateway Console, and (ii) are versions 7.5.176. and earlier, implement device adoption with improper access control logic, creating a risk of access to device configuration information by a malicious actor with preexisting access to the network.
Affected Products: UDM UDM-PRO UDM-SE UDR UDW
Mitigation: Update UniFi Network to Version 7.5.187 or later.
AnalysisAI
Instances of UniFi Network Application that (i) are run on a UniFi Gateway Console, and (ii) are versions 7.5.176. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-284. Instances of UniFi Network Application that (i) are run on a UniFi Gateway Console, and (ii) are versions 7.5.176. and earlier, implement device adoption with improper access control logic, creating a risk of access to device configuration information by a malicious actor with preexisting access to the network. Affected Products: UDM UDM-PRO UDM-SE UDR UDW Mitigation: Update UniFi Network to Version 7.5.187 or later. Affected products include: Ui Unifi Network Application. Version information: Version 7.5.187.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Unifi Network Application
View allA backup file vulnerability found in UniFi applications (Version 7.3.83 and earlier) running on Linux operating systems
Privilege escalation in Ubiquiti's UniFi Network Application allows a low-privileged, network-adjacent user to gain elev
Privilege escalation via path traversal in self-hosted UniFi Network Application (Ubiquiti's controller software) allows
Privilege escalation in Ubiquiti's UniFi Network Application allows a low-privileged, authenticated user on the network
A Command Injection vulnerability found in a Self-Hosted UniFi Network Servers (Linux) with UniFi Network Application (V
Privilege persistence in Ubiquiti's UniFi Network Application allows a low-privileged network-adjacent actor to retain g
Denial of service in Ubiquiti's UniFi Network Application allows a remote, unauthenticated attacker with network access
A Cross-Site Scripting (XSS) vulnerability found in UniFi Network (Version 7.3.83 and earlier) allows a malicious actor
Same weakness CWE-284 – Improper Access Control
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today