CVE-2023-41721

Summary

Instances of UniFi Network Application that (i) are run on a UniFi Gateway Console, and (ii) are versions 7.5.176. and earlier, implement device adoption with improper access control logic, creating a risk of access to device configuration information by a malicious actor with preexisting access to the network.

Affected Products: UDM UDM-PRO UDM-SE UDR UDW

Mitigation: Update UniFi Network to Version 7.5.187 or later.

Affected Software

VendorProductVersion RangeStatus
UbiquitiUniFi Network Application7.5.176 <= 7.5.176affected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References