CVE-2024-45205

Summary

An Improper Certificate Validation on the UniFi iOS App managing a standalone UniFi Access Point (not using UniFi Network Application) could allow a malicious actor with access to an adjacent network to take control of this UniFi Access Point.

Affected Products: UniFi iOS App (Version 10.17.7 and earlier)

Mitigation: UniFi iOS App (Version 10.18.0 or later).

Affected Software

VendorProductVersion RangeStatus
UbiquitiUniFi iOS App10.18.0 < 10.18.0unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References