Vulnerability-Lookup

Search criteria

Vendor

Product

Assigner

Sources

Sort by

Order

CVE-2024-29207 (GCVE-0-2024-29207)

Vulnerability from nvd – Published: 2024-05-07 16:40 – Updated: 2024-08-02 01:10

Summary

An Improper Certificate Validation could allow a malicious actor with access to an adjacent network to take control of the system. Affected Products: UniFi Connect Application (Version 3.7.9 and earlier) UniFi Connect EV Station (Version 1.1.18 and earlier) UniFi Connect EV Station Pro (Version 1.1.18 and earlier) UniFi Connect Display (Version 1.9.324 and earlier) UniFi Connect Display Cast (Version 1.6.225 and earlier) Mitigation: Update UniFi Connect Application to Version 3.10.7 or later. Update UniFi Connect EV Station to Version 1.2.15 or later. Update UniFi Connect EV Station Pro to Version 1.2.15 or later. Update UniFi Connect Display to Version 1.11.348 or later. Update UniFi Connect Display Cast to Version 1.8.255 or later.

Severity ?

7.5 (High)


                        
                          CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-284 - Improper Access Control

Assigner

hackerone

References

URL

Tags

https://community.ui.com/releases/Security-Adviso…

Impacted products

Vendor

Product

Version

Ubiquiti Inc

UniFi Connect Application

Affected: 3.10.7 , < 3.10.7 (semver)

Ubiquiti Inc	UniFi Connect EV Station	Affected: 1.2.15 , < 1.2.15 (semver)
Ubiquiti Inc	UniFi Connect EV Station Pro	Affected: 1.2.15 , < 1.2.15 (semver)
Ubiquiti Inc	UniFi Connect Display	Affected: 1.11.348 , < 1.11.348 (semver)
Ubiquiti Inc	UniFi Connect Display Cast	Affected: 1.8.255 , < 1.8.255 (semver)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:ubiquiti:unifi_connect_display_cast:1.8.255:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "unifi_connect_display_cast",
            "vendor": "ubiquiti",
            "versions": [
              {
                "status": "affected",
                "version": "1.8.255"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:ubiquiti:unifi_connect_display:1.11.348:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "unifi_connect_display",
            "vendor": "ubiquiti",
            "versions": [
              {
                "status": "affected",
                "version": "1.11.348"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:ubiquiti:unifi_connect_application:3.10.7:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "unifi_connect_application",
            "vendor": "ubiquiti",
            "versions": [
              {
                "status": "affected",
                "version": "3.10.7"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:ubiquiti:unifi_connect_ev_station:1.2.15:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "unifi_connect_ev_station",
            "vendor": "ubiquiti",
            "versions": [
              {
                "status": "affected",
                "version": "1.2.15 "
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:ubiquiti:unifi_connect_ev_station_pro:1.2.15.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "unifi_connect_ev_station_pro",
            "vendor": "ubiquiti",
            "versions": [
              {
                "status": "affected",
                "version": "1.2.15.0"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-29207",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-07T19:34:11.302957Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-284",
                "description": "CWE-284 Improper Access Control",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:56:46.353Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T01:10:55.406Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://community.ui.com/releases/Security-Advisory-bulletin-039-039/44e24007-2c2c-4ac0-bebf-3f19b9b24f09"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "UniFi Connect Application",
          "vendor": "Ubiquiti Inc",
          "versions": [
            {
              "lessThan": "3.10.7",
              "status": "affected",
              "version": "3.10.7",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "UniFi Connect EV Station",
          "vendor": "Ubiquiti Inc",
          "versions": [
            {
              "lessThan": "1.2.15",
              "status": "affected",
              "version": "1.2.15",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "UniFi Connect EV Station Pro ",
          "vendor": "Ubiquiti Inc",
          "versions": [
            {
              "lessThan": "1.2.15",
              "status": "affected",
              "version": "1.2.15",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "UniFi Connect Display",
          "vendor": "Ubiquiti Inc",
          "versions": [
            {
              "lessThan": "1.11.348",
              "status": "affected",
              "version": "1.11.348",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "UniFi Connect Display Cast",
          "vendor": "Ubiquiti Inc",
          "versions": [
            {
              "lessThan": "1.8.255",
              "status": "affected",
              "version": "1.8.255",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An Improper Certificate Validation could allow a malicious actor with access to an adjacent network to take control of the system. \n\n \n\nAffected Products:\n\nUniFi Connect Application (Version 3.7.9 and earlier) \n\nUniFi Connect EV Station (Version 1.1.18 and earlier) \n\nUniFi Connect EV Station Pro (Version 1.1.18 and earlier)\n\nUniFi Connect Display (Version 1.9.324 and earlier)\n\nUniFi Connect Display Cast (Version 1.6.225 and earlier)\n\n \n\nMitigation:\n\nUpdate UniFi Connect Application to Version 3.10.7 or later.\n\nUpdate UniFi Connect EV Station to Version 1.2.15 or later.\n\nUpdate UniFi Connect EV Station Pro to Version 1.2.15 or later.\n\nUpdate UniFi Connect Display to Version 1.11.348 or later.\n\nUpdate UniFi Connect Display Cast to Version 1.8.255 or later.\n\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-07T16:40:02.502Z",
        "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "shortName": "hackerone"
      },
      "references": [
        {
          "url": "https://community.ui.com/releases/Security-Advisory-bulletin-039-039/44e24007-2c2c-4ac0-bebf-3f19b9b24f09"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
    "assignerShortName": "hackerone",
    "cveId": "CVE-2024-29207",
    "datePublished": "2024-05-07T16:40:02.502Z",
    "dateReserved": "2024-03-19T01:04:06.323Z",
    "dateUpdated": "2024-08-02T01:10:55.406Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-29207 (GCVE-0-2024-29207)

Vulnerability from cvelistv5 – Published: 2024-05-07 16:40 – Updated: 2024-08-02 01:10

Summary

An Improper Certificate Validation could allow a malicious actor with access to an adjacent network to take control of the system. Affected Products: UniFi Connect Application (Version 3.7.9 and earlier) UniFi Connect EV Station (Version 1.1.18 and earlier) UniFi Connect EV Station Pro (Version 1.1.18 and earlier) UniFi Connect Display (Version 1.9.324 and earlier) UniFi Connect Display Cast (Version 1.6.225 and earlier) Mitigation: Update UniFi Connect Application to Version 3.10.7 or later. Update UniFi Connect EV Station to Version 1.2.15 or later. Update UniFi Connect EV Station Pro to Version 1.2.15 or later. Update UniFi Connect Display to Version 1.11.348 or later. Update UniFi Connect Display Cast to Version 1.8.255 or later.

Severity ?

7.5 (High)


                        
                          CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-284 - Improper Access Control

Assigner

hackerone

References

URL

Tags

https://community.ui.com/releases/Security-Adviso…

Impacted products

Vendor

Product

Version

Ubiquiti Inc

UniFi Connect Application

Affected: 3.10.7 , < 3.10.7 (semver)

Ubiquiti Inc	UniFi Connect EV Station	Affected: 1.2.15 , < 1.2.15 (semver)
Ubiquiti Inc	UniFi Connect EV Station Pro	Affected: 1.2.15 , < 1.2.15 (semver)
Ubiquiti Inc	UniFi Connect Display	Affected: 1.11.348 , < 1.11.348 (semver)
Ubiquiti Inc	UniFi Connect Display Cast	Affected: 1.8.255 , < 1.8.255 (semver)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:ubiquiti:unifi_connect_display_cast:1.8.255:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "unifi_connect_display_cast",
            "vendor": "ubiquiti",
            "versions": [
              {
                "status": "affected",
                "version": "1.8.255"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:ubiquiti:unifi_connect_display:1.11.348:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "unifi_connect_display",
            "vendor": "ubiquiti",
            "versions": [
              {
                "status": "affected",
                "version": "1.11.348"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:ubiquiti:unifi_connect_application:3.10.7:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "unifi_connect_application",
            "vendor": "ubiquiti",
            "versions": [
              {
                "status": "affected",
                "version": "3.10.7"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:ubiquiti:unifi_connect_ev_station:1.2.15:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "unifi_connect_ev_station",
            "vendor": "ubiquiti",
            "versions": [
              {
                "status": "affected",
                "version": "1.2.15 "
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:ubiquiti:unifi_connect_ev_station_pro:1.2.15.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "unifi_connect_ev_station_pro",
            "vendor": "ubiquiti",
            "versions": [
              {
                "status": "affected",
                "version": "1.2.15.0"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-29207",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-07T19:34:11.302957Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-284",
                "description": "CWE-284 Improper Access Control",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:56:46.353Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T01:10:55.406Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://community.ui.com/releases/Security-Advisory-bulletin-039-039/44e24007-2c2c-4ac0-bebf-3f19b9b24f09"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "UniFi Connect Application",
          "vendor": "Ubiquiti Inc",
          "versions": [
            {
              "lessThan": "3.10.7",
              "status": "affected",
              "version": "3.10.7",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "UniFi Connect EV Station",
          "vendor": "Ubiquiti Inc",
          "versions": [
            {
              "lessThan": "1.2.15",
              "status": "affected",
              "version": "1.2.15",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "UniFi Connect EV Station Pro ",
          "vendor": "Ubiquiti Inc",
          "versions": [
            {
              "lessThan": "1.2.15",
              "status": "affected",
              "version": "1.2.15",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "UniFi Connect Display",
          "vendor": "Ubiquiti Inc",
          "versions": [
            {
              "lessThan": "1.11.348",
              "status": "affected",
              "version": "1.11.348",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "UniFi Connect Display Cast",
          "vendor": "Ubiquiti Inc",
          "versions": [
            {
              "lessThan": "1.8.255",
              "status": "affected",
              "version": "1.8.255",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An Improper Certificate Validation could allow a malicious actor with access to an adjacent network to take control of the system. \n\n \n\nAffected Products:\n\nUniFi Connect Application (Version 3.7.9 and earlier) \n\nUniFi Connect EV Station (Version 1.1.18 and earlier) \n\nUniFi Connect EV Station Pro (Version 1.1.18 and earlier)\n\nUniFi Connect Display (Version 1.9.324 and earlier)\n\nUniFi Connect Display Cast (Version 1.6.225 and earlier)\n\n \n\nMitigation:\n\nUpdate UniFi Connect Application to Version 3.10.7 or later.\n\nUpdate UniFi Connect EV Station to Version 1.2.15 or later.\n\nUpdate UniFi Connect EV Station Pro to Version 1.2.15 or later.\n\nUpdate UniFi Connect Display to Version 1.11.348 or later.\n\nUpdate UniFi Connect Display Cast to Version 1.8.255 or later.\n\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-07T16:40:02.502Z",
        "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "shortName": "hackerone"
      },
      "references": [
        {
          "url": "https://community.ui.com/releases/Security-Advisory-bulletin-039-039/44e24007-2c2c-4ac0-bebf-3f19b9b24f09"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
    "assignerShortName": "hackerone",
    "cveId": "CVE-2024-29207",
    "datePublished": "2024-05-07T16:40:02.502Z",
    "dateReserved": "2024-03-19T01:04:06.323Z",
    "dateUpdated": "2024-08-02T01:10:55.406Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Search criteria

2 vulnerabilities found for UniFi Connect Application by Ubiquiti Inc

CVE-2024-29207 (GCVE-0-2024-29207)

CVE-2024-29207 (GCVE-0-2024-29207)