Vulnerability-Lookup

CVE-2021-22943 (GCVE-0-2021-22943)

Vulnerability from cvelistv5 – Published: 2021-08-31 16:53 – Updated: 2024-08-03 18:58

Summary

Severity ?

No CVSS data available.

CWE

CWE-287 - Improper Authentication - Generic (CWE-287)

Assigner

hackerone

References

URL

	Vendor	Product	Version
	n/a	UniFi Protect application	Affected: Fixed on 1.19.0

CNVD-2022-15504

Vulnerability from cnvd - Published: 2022-03-01

Title

Ubiquiti Networks UniFi Protect授权问题漏洞

Description

Ubiquiti Networks UniFi Protect是美国优比快（Ubiquiti Networks）公司的一款网络视频录像机。 Ubiquiti Networks UniFi Protect application 1.18.1及之前版本存在安全漏洞，攻击者可利用漏洞获得网络访问权限的恶意行为者可以控制分配给该网络的Protect摄像机。

Severity

高

Patch Name

Ubiquiti Networks UniFi Protect授权问题漏洞的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://community.ui.com/releases/Security-Advisory-Bulletin-019-019/90a00abe-d6b6-43c6-92d4-0a0342f1506f

Reference

https://nvd.nist.gov/vuln/detail/CVE-2021-22943

Impacted products

Name
Ubiquiti Networks UniFi Protect application <=1.18.1

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2021-22943"
    }
  },
  "description": "Ubiquiti Networks UniFi Protect\u662f\u7f8e\u56fd\u4f18\u6bd4\u5feb\uff08Ubiquiti Networks\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u7f51\u7edc\u89c6\u9891\u5f55\u50cf\u673a\u3002\n\nUbiquiti Networks UniFi Protect application 1.18.1\u53ca\u4e4b\u524d\u7248\u672c\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u83b7\u5f97\u7f51\u7edc\u8bbf\u95ee\u6743\u9650\u7684\u6076\u610f\u884c\u4e3a\u8005\u53ef\u4ee5\u63a7\u5236\u5206\u914d\u7ed9\u8be5\u7f51\u7edc\u7684Protect\u6444\u50cf\u673a\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://community.ui.com/releases/Security-Advisory-Bulletin-019-019/90a00abe-d6b6-43c6-92d4-0a0342f1506f",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2022-15504",
  "openTime": "2022-03-01",
  "patchDescription": "Ubiquiti Networks UniFi Protect\u662f\u7f8e\u56fd\u4f18\u6bd4\u5feb\uff08Ubiquiti Networks\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u7f51\u7edc\u89c6\u9891\u5f55\u50cf\u673a\u3002\r\n\r\nUbiquiti Networks UniFi Protect application 1.18.1\u53ca\u4e4b\u524d\u7248\u672c\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u83b7\u5f97\u7f51\u7edc\u8bbf\u95ee\u6743\u9650\u7684\u6076\u610f\u884c\u4e3a\u8005\u53ef\u4ee5\u63a7\u5236\u5206\u914d\u7ed9\u8be5\u7f51\u7edc\u7684Protect\u6444\u50cf\u673a\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Ubiquiti Networks UniFi Protect\u6388\u6743\u95ee\u9898\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Ubiquiti Networks UniFi Protect application \u003c=1.18.1"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2021-22943",
  "serverity": "\u9ad8",
  "submitTime": "2021-09-02",
  "title": "Ubiquiti Networks UniFi Protect\u6388\u6743\u95ee\u9898\u6f0f\u6d1e"
}

GHSA-FR4R-3V2C-WV3M

Vulnerability from github – Published: 2022-05-24 19:12 – Updated: 2022-05-24 19:12

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2021-22943"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-287"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-08-31T17:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "A vulnerability found in UniFi Protect application V1.18.1 and earlier permits a malicious actor who has already gained access to a network to subsequently control the Protect camera(s) assigned to said network. This vulnerability is fixed in UniFi Protect application V1.19.0 and later.",
  "id": "GHSA-fr4r-3v2c-wv3m",
  "modified": "2022-05-24T19:12:35Z",
  "published": "2022-05-24T19:12:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22943"
    },
    {
      "type": "WEB",
      "url": "https://community.ui.com/releases/Security-Advisory-Bulletin-019-019/90a00abe-d6b6-43c6-92d4-0a0342f1506f"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GSD-2021-22943

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2021-22943

Aliases

CVE-2021-22943

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2021-22943",
    "description": "A vulnerability found in UniFi Protect application V1.18.1 and earlier permits a malicious actor who has already gained access to a network to subsequently control the Protect camera(s) assigned to said network. This vulnerability is fixed in UniFi Protect application V1.19.0 and later.",
    "id": "GSD-2021-22943"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2021-22943"
      ],
      "details": "A vulnerability found in UniFi Protect application V1.18.1 and earlier permits a malicious actor who has already gained access to a network to subsequently control the Protect camera(s) assigned to said network. This vulnerability is fixed in UniFi Protect application V1.19.0 and later.",
      "id": "GSD-2021-22943",
      "modified": "2023-12-13T01:23:24.187223Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "support@hackerone.com",
        "ID": "CVE-2021-22943",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "UniFi Protect application",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Fixed on 1.19.0"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A vulnerability found in UniFi Protect application V1.18.1 and earlier permits a malicious actor who has already gained access to a network to subsequently control the Protect camera(s) assigned to said network. This vulnerability is fixed in UniFi Protect application V1.19.0 and later."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Improper Authentication - Generic (CWE-287)"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://community.ui.com/releases/Security-Advisory-Bulletin-019-019/90a00abe-d6b6-43c6-92d4-0a0342f1506f",
            "refsource": "MISC",
            "url": "https://community.ui.com/releases/Security-Advisory-Bulletin-019-019/90a00abe-d6b6-43c6-92d4-0a0342f1506f"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:ui:unifi_protect:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "1.19.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve-assignments@hackerone.com",
          "ID": "CVE-2021-22943"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A vulnerability found in UniFi Protect application V1.18.1 and earlier permits a malicious actor who has already gained access to a network to subsequently control the Protect camera(s) assigned to said network. This vulnerability is fixed in UniFi Protect application V1.19.0 and later."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-287"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://community.ui.com/releases/Security-Advisory-Bulletin-019-019/90a00abe-d6b6-43c6-92d4-0a0342f1506f",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://community.ui.com/releases/Security-Advisory-Bulletin-019-019/90a00abe-d6b6-43c6-92d4-0a0342f1506f"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 8.3,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 6.5,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.6,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 6.0
        }
      },
      "lastModifiedDate": "2021-09-09T00:23Z",
      "publishedDate": "2021-08-31T17:15Z"
    }
  }
}

FKIE_CVE-2021-22943

Vulnerability from fkie_nvd - Published: 2021-08-31 17:15 - Updated: 2024-11-21 05:50

Severity ?

9.6 (Critical) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Summary

References

	URL	Tags
	support@hackerone.com	https://community.ui.com/releases/Security-Advisory-Bulletin-019-019/90a00abe-d6b6-43c6-92d4-0a0342f1506f	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://community.ui.com/releases/Security-Advisory-Bulletin-019-019/90a00abe-d6b6-43c6-92d4-0a0342f1506f	Vendor Advisory

Impacted products

	Vendor	Product	Version
	ui	unifi_protect	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ui:unifi_protect:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AFD411A3-5CDD-4AA9-BED2-A5FC1AEC68DD",
              "versionEndExcluding": "1.19.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability found in UniFi Protect application V1.18.1 and earlier permits a malicious actor who has already gained access to a network to subsequently control the Protect camera(s) assigned to said network. This vulnerability is fixed in UniFi Protect application V1.19.0 and later."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad encontrada en la aplicaci\u00f3n UniFi Protect versiones V1.18.1 y anteriores, permite a un actor malicioso que ya ha conseguido acceso a una red controlar posteriormente la(s) c\u00e1mara(s) Protect asignada(s) a dicha red. Esta vulnerabilidad es corregida en la aplicaci\u00f3n UniFi Protect versiones V1.19.0 y posteriores"
    }
  ],
  "id": "CVE-2021-22943",
  "lastModified": "2024-11-21T05:50:59.213",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "ADJACENT_NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 8.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 6.5,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.6,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 6.0,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-08-31T17:15:07.767",
  "references": [
    {
      "source": "support@hackerone.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://community.ui.com/releases/Security-Advisory-Bulletin-019-019/90a00abe-d6b6-43c6-92d4-0a0342f1506f"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://community.ui.com/releases/Security-Advisory-Bulletin-019-019/90a00abe-d6b6-43c6-92d4-0a0342f1506f"
    }
  ],
  "sourceIdentifier": "support@hackerone.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-287"
        }
      ],
      "source": "support@hackerone.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-287"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

VAR-202108-0412

Vulnerability from variot - Updated: 2025-01-30 20:04

A vulnerability found in UniFi Protect application V1.18.1 and earlier permits a malicious actor who has already gained access to a network to subsequently control the Protect camera(s) assigned to said network. This vulnerability is fixed in UniFi Protect application V1.19.0 and later. UniFi Protect The application contains an authentication vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Ubiquiti Networks UniFi Protect is a network video recorder from Ubiquiti Networks

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202108-0412",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "unifi protect",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "ui",
        "version": "1.19.0"
      },
      {
        "model": "unifi protect",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ui",
        "version": null
      },
      {
        "model": "unifi protect",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "ui",
        "version": "1.18.1  and earlier"
      },
      {
        "model": "networks unifi protect application",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "ubiquiti",
        "version": "\u003c=1.18.1"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2022-15504"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-011255"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-22943"
      }
    ]
  },
  "cve": "CVE-2021-22943",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 8.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 6.5,
            "id": "CVE-2021-22943",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 1.9,
            "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 8.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 6.5,
            "id": "CNVD-2022-15504",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 9.6,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "id": "CVE-2021-22943",
            "impactScore": 6.0,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Adjacent Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 9.6,
            "baseSeverity": "Critical",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2021-22943",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Changed",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2021-22943",
            "trust": 1.0,
            "value": "CRITICAL"
          },
          {
            "author": "NVD",
            "id": "CVE-2021-22943",
            "trust": 0.8,
            "value": "Critical"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2022-15504",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202108-2800",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULMON",
            "id": "CVE-2021-22943",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2022-15504"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-22943"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-011255"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202108-2800"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-22943"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A vulnerability found in UniFi Protect application V1.18.1 and earlier permits a malicious actor who has already gained access to a network to subsequently control the Protect camera(s) assigned to said network. This vulnerability is fixed in UniFi Protect application V1.19.0 and later. UniFi Protect The application contains an authentication vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Ubiquiti Networks UniFi Protect is a network video recorder from Ubiquiti Networks",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-22943"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-011255"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2022-15504"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-22943"
      }
    ],
    "trust": 2.25
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2021-22943",
        "trust": 4.0
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-011255",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2022-15504",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202108-2800",
        "trust": 0.6
      },
      {
        "db": "OTHER",
        "id": "NONE",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-22943",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "OTHER",
        "id": null
      },
      {
        "db": "CNVD",
        "id": "CNVD-2022-15504"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-22943"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-011255"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202108-2800"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-22943"
      }
    ]
  },
  "id": "VAR-202108-0412",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "OTHER",
        "id": null
      },
      {
        "db": "CNVD",
        "id": "CNVD-2022-15504"
      }
    ],
    "trust": 1.2854701
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "IoT"
        ],
        "sub_category": null,
        "trust": 0.6
      },
      {
        "category": [
          "camera device"
        ],
        "sub_category": "camera",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "OTHER",
        "id": null
      },
      {
        "db": "CNVD",
        "id": "CNVD-2022-15504"
      }
    ]
  },
  "last_update_date": "2025-01-30T20:04:09.722000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Security\u00a0Advisory\u00a0Bulletin\u00a0019",
        "trust": 0.8,
        "url": "https://community.ui.com/releases/Security-Advisory-Bulletin-019-019/90a00abe-d6b6-43c6-92d4-0a0342f1506f"
      },
      {
        "title": "Patch for Ubiquiti Networks UniFi Protect Authorization Issue Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/322546"
      },
      {
        "title": "Ubiquiti Networks UniFi Protect Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=161108"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2022-15504"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-011255"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202108-2800"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-287",
        "trust": 1.0
      },
      {
        "problemtype": "Inappropriate authentication (CWE-287) [NVD evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-011255"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-22943"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "https://community.ui.com/releases/security-advisory-bulletin-019-019/90a00abe-d6b6-43c6-92d4-0a0342f1506f"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22943"
      },
      {
        "trust": 0.1,
        "url": "https://ieeexplore.ieee.org/abstract/document/10769424"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/287.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "OTHER",
        "id": null
      },
      {
        "db": "CNVD",
        "id": "CNVD-2022-15504"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-22943"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-011255"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202108-2800"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-22943"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "OTHER",
        "id": null
      },
      {
        "db": "CNVD",
        "id": "CNVD-2022-15504"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-22943"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-011255"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202108-2800"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-22943"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-03-01T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2022-15504"
      },
      {
        "date": "2021-08-31T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-22943"
      },
      {
        "date": "2022-07-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-011255"
      },
      {
        "date": "2021-08-31T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202108-2800"
      },
      {
        "date": "2021-08-31T17:15:07.767000",
        "db": "NVD",
        "id": "CVE-2021-22943"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-03-01T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2022-15504"
      },
      {
        "date": "2021-09-09T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-22943"
      },
      {
        "date": "2022-07-25T08:10:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-011255"
      },
      {
        "date": "2021-09-10T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202108-2800"
      },
      {
        "date": "2021-09-09T00:23:55.950000",
        "db": "NVD",
        "id": "CVE-2021-22943"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote or local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202108-2800"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "UniFi\u00a0Protect\u00a0 Authentication vulnerabilities in applications",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-011255"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "authorization issue",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202108-2800"
      }
    ],
    "trust": 0.6
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2021-22943 (GCVE-0-2021-22943)

CNVD-2022-15504

GHSA-FR4R-3V2C-WV3M

GSD-2021-22943

FKIE_CVE-2021-22943

VAR-202108-0412

Tags

Sightings

Nomenclature