Unifi Security Advisory 042 - Hosted controllers 8.3.32 and older

Written By Admin

Following notification of Security Advisory 042 directly from Ubiquiti, Clouduni.fi team have stepped up testing of Network Application version 8.4.59. We will begin to upgrade all servers between 3rd and 4th September.

Whilst there is little opportunity for a malicious actor to gain access via SSH as we lock down SSH ports, Clouduni.fi will not take any risks and will upgrade all controllers.

Published: September 3, 2024

Version: 1.0

Revision: 1.0

A Command Injection vulnerability found in a Self-Hosted UniFi Network Servers (Linux) with UniFi Network Application (Version 8.3.32 and earlier) allows a malicious actor with unifi user shell access to escalate privileges to root on the host device.

Affected Products:

UniFi Network Application (Version 8.3.32 and earlier) .

Mitigation:

Update UniFi Network Application to Version 8.4.59 or later.

Impact:

CVSS v3.0 Severity and Metrics:

Base Score: 7.8 High

Vector: 

CVSS: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE: CVE-2024-42025 (Harry Sintonen)

Reference Links:

https://community.ui.com/releases/UniFi-Network-Application-8-4-59/d3ba4443-ad36-4566-b1e6-2d21d8b4f225

Admin
Previous

Ease of Deployment and Management with Unifi and Clouduni.fi
Next

Unifi Network Application 8.2.93