CVE-2024-27981
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
A Command Injection vulnerability found in a Self-Hosted UniFi Network Servers (Linux) with UniFi Network Application (Version 8.0.28 and earlier) allows a malicious actor with UniFi Network Application Administrator credentials to escalate privileges to root on the host device.
Affected Products: UniFi Network Application (Version 8.0.28 and earlier) .
Mitigation: Update UniFi Network Application to Version 8.1.113 or later.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Ubiquiti Inc | UniFi Network Application | 8.1.113 < 8.1.113 | affected |
Weaknesses
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: total
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.