Ubiquiti UniFi Network Application 7.5.176

CPE Details

Ubiquiti UniFi Network Application 7.5.176
ui
unifi_network_application
7.5.176
2023-10-31
16h19 +00:00
2023-10-31
16h19 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:ui:unifi_network_application:7.5.176:*:*:*:*:*:*:*

Informations

Vendor

ui

Product

unifi_network_application

Version

7.5.176

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2024-42025 2024-09-13 15h47 +00:00 A Command Injection vulnerability found in a Self-Hosted UniFi Network Servers (Linux) with UniFi Network Application (Version 8.3.32 and earlier) allows a malicious actor with unifi user shell access to escalate privileges to root on the host device.
7.8
High
CVE-2023-41721 2023-10-25 00h24 +00:00 Instances of UniFi Network Application that (i) are run on a UniFi Gateway Console, and (ii) are versions 7.5.176. and earlier, implement device adoption with improper access control logic, creating a risk of access to device configuration information by a malicious actor with preexisting access to the network. Affected Products: UDM UDM-PRO UDM-SE UDR UDW Mitigation: Update UniFi Network to Version 7.5.187 or later.
5.3
Medium
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.