CVE-2024-29206 - OpenCVE

An Improper Access Control could allow a malicious actor authenticated in the API to enable Android Debug Bridge (ADB) and make unsupported changes to the system. Affected Products: UniFi Connect EV Station (Version 1.1.18 and earlier) UniFi Connect EV Station Pro (Version 1.1.18 and earlier) UniFi Access G2 Reader Pro (Version 1.2.172 and earlier) UniFi Access Reader Pro (Version 2.7.238 and earlier) UniFi Access Intercom (Version 1.0.66 and earlier) UniFi Access Intercom Viewer (Version 1.0.5 and earlier) UniFi Connect Display (Version 1.9.324 and earlier) UniFi Connect Display Cast (Version 1.6.225 and earlier) Mitigation: Update UniFi Connect Application to Version 3.10.7 or later. Update UniFi Connect EV Station to Version 1.2.15 or later. Update UniFi Connect EV Station Pro to Version 1.2.15 or later. Update UniFi Access G2 Reader Pro Version 1.3.37 or later. Update UniFi Access Reader Pro Version 2.8.19 or later. Update UniFi Access Intercom Version 1.1.32 or later. Update UniFi Access Intercom Viewer Version 1.1.6 or later. Update UniFi Connect Display to Version 1.11.348 or later. Update UniFi Connect Display Cast to Version 1.8.255 or later.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity High

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

References

Link	Providers
https://community.ui.com/releases/Security-Advisory-bulletin-039-039/44e24007-2c2c-4ac0-bebf-3f19b9b24f09

History

No history.

MITRE

Status: PUBLISHED

Assigner: hackerone

Published: 2024-05-07T16:40:02.543Z

Updated: 2024-08-02T01:10:55.425Z

Reserved: 2024-03-19T01:04:06.323Z

Link: CVE-2024-29206

Vulnrichment

Updated: 2024-08-02T01:10:55.425Z

NVD

Status : Awaiting Analysis

Published: 2024-05-07T17:15:08.027

Modified: 2024-07-03T01:52:17.397

Link: CVE-2024-29206

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-29206", "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "state": "PUBLISHED", "assignerShortName": "hackerone", "dateReserved": "2024-03-19T01:04:06.323Z", "datePublished": "2024-05-07T16:40:02.543Z", "dateUpdated": "2024-08-02T01:10:55.425Z"}, "containers": {"cna": {"descriptions": [{"lang": "en", "value": "An Improper Access Control could allow a malicious actor authenticated in the API to enable Android Debug Bridge (ADB) and make unsupported changes to the system.\n\n \n\nAffected Products:\n\nUniFi Connect EV Station (Version 1.1.18 and earlier) \n\nUniFi Connect EV Station Pro (Version 1.1.18 and earlier)\n\nUniFi Access G2 Reader Pro (Version 1.2.172 and earlier)\n\nUniFi Access Reader Pro (Version 2.7.238 and earlier)\n\nUniFi Access Intercom (Version 1.0.66 and earlier)\n\nUniFi Access Intercom Viewer (Version 1.0.5 and earlier)\n\nUniFi Connect Display (Version 1.9.324 and earlier)\n\nUniFi Connect Display Cast (Version 1.6.225 and earlier)\n\n \n\nMitigation:\n\nUpdate UniFi Connect Application to Version 3.10.7 or later.\n\nUpdate UniFi Connect EV Station to Version 1.2.15 or later. \n\nUpdate UniFi Connect EV Station Pro to Version 1.2.15 or later.\n\nUpdate UniFi Access G2 Reader Pro Version 1.3.37 or later.\n\nUpdate UniFi Access Reader Pro Version 2.8.19 or later.\n\nUpdate UniFi Access Intercom Version 1.1.32 or later.\n\nUpdate UniFi Access Intercom Viewer Version 1.1.6 or later.\n\nUpdate UniFi Connect Display to Version 1.11.348 or later. \n\nUpdate UniFi Connect Display Cast to Version 1.8.255 or later."}], "affected": [{"defaultStatus": "unaffected", "vendor": "Ubiquiti Inc", "product": "UniFi Connect EV Station", "versions": [{"version": "1.2.15", "status": "affected", "lessThan": "1.2.15", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "vendor": "Ubiquiti Inc", "product": "UniFi Connect EV Station Pro", "versions": [{"version": "1.2.15", "status": "affected", "lessThan": "1.2.15", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "vendor": "Ubiquiti Inc", "product": "UniFi Access G2 Reader Pro ", "versions": [{"version": "1.3.37", "status": "affected", "lessThan": "1.3.37", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "vendor": "Ubiquiti Inc", "product": "UniFi Access Reader Pro ", "versions": [{"version": "2.8.19", "status": "affected", "lessThan": "2.8.19", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "vendor": "Ubiquiti Inc", "product": "UniFi Access Intercom", "versions": [{"version": "1.1.32", "status": "affected", "lessThan": "1.1.32", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "vendor": "Ubiquiti Inc", "product": "UniFi Access Intercom Viewer", "versions": [{"version": "1.1.6", "status": "affected", "lessThan": "1.1.6", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "vendor": "Ubiquiti Inc", "product": "UniFi Connect Display", "versions": [{"version": "1.11.348", "status": "affected", "lessThan": "1.11.348", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "vendor": "Ubiquiti Inc", "product": "UniFi Connect Display Cast ", "versions": [{"version": "1.8.255", "status": "affected", "lessThan": "1.8.255", "versionType": "semver"}]}], "references": [{"url": "https://community.ui.com/releases/Security-Advisory-bulletin-039-039/44e24007-2c2c-4ac0-bebf-3f19b9b24f09"}], "metrics": [{"cvssV3_0": {"version": "3.0", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:N", "baseScore": 2.2, "baseSeverity": "LOW"}}], "providerMetadata": {"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone", "dateUpdated": "2024-05-07T16:40:02.543Z"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-29206", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-08T15:33:56.493181Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:ubiquiti:unifi_connect_ev_station:1.2.15:*:*:*:*:*:*:*"], "vendor": "ubiquiti", "product": "unifi_connect_ev_station", "versions": [{"status": "affected", "version": "1.2.15"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:ubiquiti:unifi_access_g2_reader_pro:*:*:*:*:*:*:*:*"], "vendor": "ubiquiti", "product": "unifi_access_g2_reader_pro", "versions": [{"status": "affected", "version": "1.3.37"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:ubiquiti:unifi_connect_display:1.11.348:*:*:*:*:*:*:*"], "vendor": "ubiquiti", "product": "unifi_connect_display", "versions": [{"status": "affected", "version": "1.11.348"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:ubiquiti:unifi_connect_display_cast:1.8.255:*:*:*:*:*:*:*"], "vendor": "ubiquiti", "product": "unifi_connect_display_cast", "versions": [{"status": "affected", "version": "1.8.255"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:ubiquiti:unifi_access_reader_pro:*:*:*:*:*:*:*:*"], "vendor": "ubiquiti", "product": "unifi_access_reader_pro", "versions": [{"status": "affected", "version": "2.8.19"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:ubiquiti:unifi_access_intercom:*:*:*:*:*:*:*:*"], "vendor": "ubiquiti", "product": "unifi_access_intercom", "versions": [{"status": "affected", "version": "1.1.32"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:ubiquiti:unifi_access_intercom_viewer:*:*:*:*:*:*:*:*"], "vendor": "ubiquiti", "product": "unifi_access_intercom_viewer", "versions": [{"status": "affected", "version": "1.1.6"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:ubiquiti:unifi_connect_ev_station_pro:1.2.15.0:*:*:*:*:*:*:*"], "vendor": "ubiquiti", "product": "unifi_connect_ev_station_pro", "versions": [{"status": "affected", "version": "1.2.15"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-284", "description": "CWE-284 Improper Access Control"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:56:59.455Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T01:10:55.425Z"}, "title": "CVE Program Container", "references": [{"url": "https://community.ui.com/releases/Security-Advisory-bulletin-039-039/44e24007-2c2c-4ac0-bebf-3f19b9b24f09", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://community.ui.com/releases/Security-Advisory-bulletin-039-039/44e24007-2c2c-4ac0-bebf-3f19b9b24f09", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T01:10:55.425Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-29206", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-08T15:33:56.493181Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:ubiquiti:unifi_connect_ev_station:1.2.15:*:*:*:*:*:*:*"], "vendor": "ubiquiti", "product": "unifi_connect_ev_station", "versions": [{"status": "affected", "version": "1.2.15"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:ubiquiti:unifi_access_g2_reader_pro:*:*:*:*:*:*:*:*"], "vendor": "ubiquiti", "product": "unifi_access_g2_reader_pro", "versions": [{"status": "affected", "version": "1.3.37"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:ubiquiti:unifi_connect_display:1.11.348:*:*:*:*:*:*:*"], "vendor": "ubiquiti", "product": "unifi_connect_display", "versions": [{"status": "affected", "version": "1.11.348"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:ubiquiti:unifi_connect_display_cast:1.8.255:*:*:*:*:*:*:*"], "vendor": "ubiquiti", "product": "unifi_connect_display_cast", "versions": [{"status": "affected", "version": "1.8.255"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:ubiquiti:unifi_access_reader_pro:*:*:*:*:*:*:*:*"], "vendor": "ubiquiti", "product": "unifi_access_reader_pro", "versions": [{"status": "affected", "version": "2.8.19"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:ubiquiti:unifi_access_intercom:*:*:*:*:*:*:*:*"], "vendor": "ubiquiti", "product": "unifi_access_intercom", "versions": [{"status": "affected", "version": "1.1.32"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:ubiquiti:unifi_access_intercom_viewer:*:*:*:*:*:*:*:*"], "vendor": "ubiquiti", "product": "unifi_access_intercom_viewer", "versions": [{"status": "affected", "version": "1.1.6"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:ubiquiti:unifi_connect_ev_station_pro:1.2.15.0:*:*:*:*:*:*:*"], "vendor": "ubiquiti", "product": "unifi_connect_ev_station_pro", "versions": [{"status": "affected", "version": "1.2.15"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-284", "description": "CWE-284 Improper Access Control"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-08T15:43:22.478Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"metrics": [{"cvssV3_0": {"version": "3.0", "baseScore": 2.2, "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:N"}}], "affected": [{"vendor": "Ubiquiti Inc", "product": "UniFi Connect EV Station", "versions": [{"status": "affected", "version": "1.2.15", "lessThan": "1.2.15", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "Ubiquiti Inc", "product": "UniFi Connect EV Station Pro", "versions": [{"status": "affected", "version": "1.2.15", "lessThan": "1.2.15", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "Ubiquiti Inc", "product": "UniFi Access G2 Reader Pro ", "versions": [{"status": "affected", "version": "1.3.37", "lessThan": "1.3.37", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "Ubiquiti Inc", "product": "UniFi Access Reader Pro ", "versions": [{"status": "affected", "version": "2.8.19", "lessThan": "2.8.19", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "Ubiquiti Inc", "product": "UniFi Access Intercom", "versions": [{"status": "affected", "version": "1.1.32", "lessThan": "1.1.32", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "Ubiquiti Inc", "product": "UniFi Access Intercom Viewer", "versions": [{"status": "affected", "version": "1.1.6", "lessThan": "1.1.6", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "Ubiquiti Inc", "product": "UniFi Connect Display", "versions": [{"status": "affected", "version": "1.11.348", "lessThan": "1.11.348", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "Ubiquiti Inc", "product": "UniFi Connect Display Cast ", "versions": [{"status": "affected", "version": "1.8.255", "lessThan": "1.8.255", "versionType": "semver"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://community.ui.com/releases/Security-Advisory-bulletin-039-039/44e24007-2c2c-4ac0-bebf-3f19b9b24f09"}], "descriptions": [{"lang": "en", "value": "An Improper Access Control could allow a malicious actor authenticated in the API to enable Android Debug Bridge (ADB) and make unsupported changes to the system.\n\n \n\nAffected Products:\n\nUniFi Connect EV Station (Version 1.1.18 and earlier) \n\nUniFi Connect EV Station Pro (Version 1.1.18 and earlier)\n\nUniFi Access G2 Reader Pro (Version 1.2.172 and earlier)\n\nUniFi Access Reader Pro (Version 2.7.238 and earlier)\n\nUniFi Access Intercom (Version 1.0.66 and earlier)\n\nUniFi Access Intercom Viewer (Version 1.0.5 and earlier)\n\nUniFi Connect Display (Version 1.9.324 and earlier)\n\nUniFi Connect Display Cast (Version 1.6.225 and earlier)\n\n \n\nMitigation:\n\nUpdate UniFi Connect Application to Version 3.10.7 or later.\n\nUpdate UniFi Connect EV Station to Version 1.2.15 or later. \n\nUpdate UniFi Connect EV Station Pro to Version 1.2.15 or later.\n\nUpdate UniFi Access G2 Reader Pro Version 1.3.37 or later.\n\nUpdate UniFi Access Reader Pro Version 2.8.19 or later.\n\nUpdate UniFi Access Intercom Version 1.1.32 or later.\n\nUpdate UniFi Access Intercom Viewer Version 1.1.6 or later.\n\nUpdate UniFi Connect Display to Version 1.11.348 or later. \n\nUpdate UniFi Connect Display Cast to Version 1.8.255 or later."}], "providerMetadata": {"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone", "dateUpdated": "2024-05-07T16:40:02.543Z"}}}, "cveMetadata": {"cveId": "CVE-2024-29206", "state": "PUBLISHED", "dateUpdated": "2024-08-02T01:10:55.425Z", "dateReserved": "2024-03-19T01:04:06.323Z", "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "datePublished": "2024-05-07T16:40:02.543Z", "assignerShortName": "hackerone"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "An Improper Access Control could allow a malicious actor authenticated in the API to enable Android Debug Bridge (ADB) and make unsupported changes to the system.\n\n \n\nAffected Products:\n\nUniFi Connect EV Station (Version 1.1.18 and earlier) \n\nUniFi Connect EV Station Pro (Version 1.1.18 and earlier)\n\nUniFi Access G2 Reader Pro (Version 1.2.172 and earlier)\n\nUniFi Access Reader Pro (Version 2.7.238 and earlier)\n\nUniFi Access Intercom (Version 1.0.66 and earlier)\n\nUniFi Access Intercom Viewer (Version 1.0.5 and earlier)\n\nUniFi Connect Display (Version 1.9.324 and earlier)\n\nUniFi Connect Display Cast (Version 1.6.225 and earlier)\n\n \n\nMitigation:\n\nUpdate UniFi Connect Application to Version 3.10.7 or later.\n\nUpdate UniFi Connect EV Station to Version 1.2.15 or later. \n\nUpdate UniFi Connect EV Station Pro to Version 1.2.15 or later.\n\nUpdate UniFi Access G2 Reader Pro Version 1.3.37 or later.\n\nUpdate UniFi Access Reader Pro Version 2.8.19 or later.\n\nUpdate UniFi Access Intercom Version 1.1.32 or later.\n\nUpdate UniFi Access Intercom Viewer Version 1.1.6 or later.\n\nUpdate UniFi Connect Display to Version 1.11.348 or later. \n\nUpdate UniFi Connect Display Cast to Version 1.8.255 or later."}, {"lang": "es", "value": "Un control de acceso inadecuado podr\u00eda permitir que un actor malicioso autenticado en la API habilite Android Debug Bridge (ADB) y realice cambios no compatibles en el sistema. Productos afectados: UniFi Connect EV Station (versi\u00f3n 1.1.18 y anteriores) UniFi Connect EV Station Pro (versi\u00f3n 1.1.18 y anteriores) UniFi Access G2 Reader Pro (versi\u00f3n 1.2.172 y anteriores) UniFi Access Reader Pro (versi\u00f3n 2.7.238 y anteriores) UniFi Access Intercom (versi\u00f3n 1.0.66 y anteriores) UniFi Access Intercom Viewer (versi\u00f3n 1.0.5 y anteriores) UniFi Connect Display (versi\u00f3n 1.9.324 y anteriores) UniFi Connect Display Cast (versi\u00f3n 1.6.225 y anteriores) Mitigaci\u00f3n : Actualice la aplicaci\u00f3n UniFi Connect a la versi\u00f3n 3.10.7 o posterior. Actualice UniFi Connect EV Station a la versi\u00f3n 1.2.15 o posterior. Actualice UniFi Connect EV Station Pro a la versi\u00f3n 1.2.15 o posterior. Actualice UniFi Access G2 Reader Pro versi\u00f3n 1.3.37 o posterior. Actualice UniFi Access Reader Pro versi\u00f3n 2.8.19 o posterior. Actualice UniFi Access Intercom versi\u00f3n 1.1.32 o posterior. Actualice UniFi Access Intercom Viewer versi\u00f3n 1.1.6 o posterior. Actualice UniFi Connect Display a la versi\u00f3n 1.11.348 o posterior. Actualice UniFi Connect Display Cast a la versi\u00f3n 1.8.255 o posterior."}], "id": "CVE-2024-29206", "lastModified": "2024-07-03T01:52:17.397", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 2.2, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 0.7, "impactScore": 1.4, "source": "support@hackerone.com", "type": "Secondary"}]}, "published": "2024-05-07T17:15:08.027", "references": [{"source": "support@hackerone.com", "url": "https://community.ui.com/releases/Security-Advisory-bulletin-039-039/44e24007-2c2c-4ac0-bebf-3f19b9b24f09"}], "sourceIdentifier": "support@hackerone.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-284"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}