Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for UniFi Network application by Ubiquiti Inc.

    CVE-2023-28365 (GCVE-0-2023-28365)

    Vulnerability from nvd – Published: 2023-06-30 23:40 – Updated: 2024-11-27 17:23
    VLAI
    Summary
    A backup file vulnerability found in UniFi applications (Version 7.3.83 and earlier) running on Linux operating systems allows application administrators to execute malicious commands on the host device being restored.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    Assigner
    Impacted products
    Vendor Product Version
    Ubiquiti Inc. UniFi Network application Affected: 7.3.83 , ≤ 7.3.83 (semver)
    Create a notification for this product.
    ubiquiti unifi_network_application Affected: 0 , ≤ 7.3.83 (semver)
        cpe:2.3:a:ubiquiti:unifi_network_application:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T12:38:25.371Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://community.ui.com/releases/Security-Advisory-Bulletin-031-031/8c85fc64-e9a8-4082-9ec4-56b14effd545"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:ubiquiti:unifi_network_application:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "unifi_network_application",
                "vendor": "ubiquiti",
                "versions": [
                  {
                    "lessThanOrEqual": "7.3.83",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-28365",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-27T17:22:20.390330Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-27T17:23:23.036Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "UniFi Network application",
              "vendor": "Ubiquiti Inc.",
              "versions": [
                {
                  "lessThanOrEqual": "7.3.83",
                  "status": "affected",
                  "version": "7.3.83",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A backup file vulnerability found in UniFi applications (Version 7.3.83 and earlier) running on Linux operating systems allows application administrators to execute malicious commands on the host device being restored."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-06-30T23:40:13.388Z",
            "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
            "shortName": "hackerone"
          },
          "references": [
            {
              "url": "https://community.ui.com/releases/Security-Advisory-Bulletin-031-031/8c85fc64-e9a8-4082-9ec4-56b14effd545"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "assignerShortName": "hackerone",
        "cveId": "CVE-2023-28365",
        "datePublished": "2023-06-30T23:40:13.388Z",
        "dateReserved": "2023-03-15T01:00:13.221Z",
        "dateUpdated": "2024-11-27T17:23:23.036Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-28365 (GCVE-0-2023-28365)

    Vulnerability from cvelistv5 – Published: 2023-06-30 23:40 – Updated: 2024-11-27 17:23
    VLAI
    Summary
    A backup file vulnerability found in UniFi applications (Version 7.3.83 and earlier) running on Linux operating systems allows application administrators to execute malicious commands on the host device being restored.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    Assigner
    Impacted products
    Vendor Product Version
    Ubiquiti Inc. UniFi Network application Affected: 7.3.83 , ≤ 7.3.83 (semver)
    Create a notification for this product.
    ubiquiti unifi_network_application Affected: 0 , ≤ 7.3.83 (semver)
        cpe:2.3:a:ubiquiti:unifi_network_application:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T12:38:25.371Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://community.ui.com/releases/Security-Advisory-Bulletin-031-031/8c85fc64-e9a8-4082-9ec4-56b14effd545"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:ubiquiti:unifi_network_application:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "unifi_network_application",
                "vendor": "ubiquiti",
                "versions": [
                  {
                    "lessThanOrEqual": "7.3.83",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-28365",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-27T17:22:20.390330Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-27T17:23:23.036Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "UniFi Network application",
              "vendor": "Ubiquiti Inc.",
              "versions": [
                {
                  "lessThanOrEqual": "7.3.83",
                  "status": "affected",
                  "version": "7.3.83",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A backup file vulnerability found in UniFi applications (Version 7.3.83 and earlier) running on Linux operating systems allows application administrators to execute malicious commands on the host device being restored."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-06-30T23:40:13.388Z",
            "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
            "shortName": "hackerone"
          },
          "references": [
            {
              "url": "https://community.ui.com/releases/Security-Advisory-Bulletin-031-031/8c85fc64-e9a8-4082-9ec4-56b14effd545"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "assignerShortName": "hackerone",
        "cveId": "CVE-2023-28365",
        "datePublished": "2023-06-30T23:40:13.388Z",
        "dateReserved": "2023-03-15T01:00:13.221Z",
        "dateUpdated": "2024-11-27T17:23:23.036Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }