Filtered by vendor Ui Subscriptions
Filtered by product Unifi Network Application Subscriptions
Total 3 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-32000 1 Ui 1 Unifi Network Application 2024-10-21 4.8 Medium
A Cross-Site Scripting (XSS) vulnerability found in UniFi Network (Version 7.3.83 and earlier) allows a malicious actor with Site Administrator credentials to escalate privileges by persuading an Administrator to visit a malicious web page.
CVE-2024-42025 2 Ubiquiti, Ui 2 Unifi Network Application, Unifi Network Application 2024-09-28 7.8 High
A Command Injection vulnerability found in a Self-Hosted UniFi Network Servers (Linux) with UniFi Network Application (Version 8.3.32 and earlier) allows a malicious actor with unifi user shell access to escalate privileges to root on the host device.
CVE-2023-41721 1 Ui 6 Unifi Dream Machine, Unifi Dream Machine Pro, Unifi Dream Machine Special Edition and 3 more 2024-09-13 5.3 Medium
Instances of UniFi Network Application that (i) are run on a UniFi Gateway Console, and (ii) are versions 7.5.176. and earlier, implement device adoption with improper access control logic, creating a risk of access to device configuration information by a malicious actor with preexisting access to the network. Affected Products: UDM UDM-PRO UDM-SE UDR UDW Mitigation: Update UniFi Network to Version 7.5.187 or later.