ByteOS Network

CVE Vulnerability Details :

CVE-2023-31997

PUBLISHED

More Info Official Page

Assigner-hackerone

Assigner Org ID-36234546-b8fa-4601-9d6f-f4e334aa8ea1

Published At-30 Jun, 2023 | 23:39

Updated At-26 Nov, 2024 | 19:07

▼CVE Numbering Authority (CNA)

UniFi OS 3.1 introduces a misconfiguration on consoles running UniFi Network that allows users on a local network to access MongoDB. Applicable Cloud Keys that are both (1) running UniFi OS 3.1 and (2) hosting the UniFi Network application. "Applicable Cloud Keys" include the following: Cloud Key Gen2 and Cloud Key Gen2 Plus.

Affected Products

Vendor

Ubiquiti Inc.

Product

UniFi OS

Default Status

unaffected

Versions

Affected

From 3.1.13 through 3.1.13 (semver)

References

Hyperlink	Resource
https://community.ui.com/releases/Security-Advisory-Bulletin-032-032/e57301f4-4f5e-4d9f-90bc-71f1923ed7a4	N/A

▼Authorized Data Publishers (ADP)

1. CVE Program Container

References

Hyperlink	Resource
https://community.ui.com/releases/Security-Advisory-Bulletin-032-032/e57301f4-4f5e-4d9f-90bc-71f1923ed7a4	x_transferred

2. CISA ADP Vulnrichment

Affected Products

Vendor

Ubiquiti Inc.

Product

unifi_os

CPEs

cpe:2.3:a:ubiquiti:unifi_os:*:*:*:*:*:*:*:*

Default Status

unknown

Versions

Affected

From 3.1 through 3.1.13 (semver)

Problem Types

Type	CWE ID	Description
CWE	CWE-863	CWE-863 Incorrect Authorization

Affected Products

Affected

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References