Описание
A malicious actor with access to the network could exploit a Path Traversal vulnerability found in certain devices running UniFi OS to bypass authentication of such UniFi OS devices or instances.
Затрагиваемое ПО
Ui Unifi os serverUi Unifi dream machine firmwareUi Unifi dream machineUi Unifi dream machine pro firmwareUi Unifi dream machine proUi Unifi dream machine special edition firmwareUi Unifi dream machine special editionUi Unifi dream machine pro max firmwareUi Unifi dream machine pro maxUi Unifi dream machine beast firmwareUi Unifi dream machine beastUi Enterprise fortress gateway firmwareUi Enterprise fortress gatewayUi Unifi dream router firmwareUi Unifi dream routerUi Unifi dream wall firmwareUi Unifi dream wallUi Unifi dream router 7 firmwareUi Unifi dream router 7Ui Unifi express 7 firmwareUi Unifi express 7Ui Unifi cloudkey firmwareUi Unifi cloudkeyUi Unifi cloud key plus firmwareUi Unifi cloud key plus
CVSS
| Балл | 8.6 — высокая |
| Вектор | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N |
Источники
https://community.ui.com/releases/Security-Advisory-Bulletin-066-066/984eceb3-49c8-4227-942d-671c289b3afc