Skip to main content

Unifi Os

2 CVEs product

Monthly

CVE-2023-31997 CRITICAL Act Now

UniFi OS 3.1 introduces a misconfiguration on consoles running UniFi Network that allows users on a local network to access MongoDB. Rated critical severity (CVSS 9.0), this vulnerability is low attack complexity. No vendor patch available.

Ubiquiti Authentication Bypass Unifi Os
NVD
CVSS 3.1
9.0
EPSS
0.3%
CVE-2023-28361 MEDIUM This Month

A Cross-site WebSocket Hijacking (CSWSH) vulnerability found in UniFi OS 2.5 and earlier allows a malicious actor to access certain confidential information by persuading a UniFi OS user to visit a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Ubiquiti CSRF Unifi Os
NVD
CVSS 3.1
6.5
EPSS
0.3%
EPSS 0% CVSS 9.0
CRITICAL Act Now

UniFi OS 3.1 introduces a misconfiguration on consoles running UniFi Network that allows users on a local network to access MongoDB. Rated critical severity (CVSS 9.0), this vulnerability is low attack complexity. No vendor patch available.

Ubiquiti Authentication Bypass Unifi Os
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

A Cross-site WebSocket Hijacking (CSWSH) vulnerability found in UniFi OS 2.5 and earlier allows a malicious actor to access certain confidential information by persuading a UniFi OS user to visit a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Ubiquiti CSRF Unifi Os
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy