A Local privilege escalation vulnerability found in a Self-Hosted UniFi Network Server with UniFi Network Application (Version 8.4.62 and earlier) allows a malicious actor with a local operational system user to execute high privilege actions on UniFi Network Server.
History

Mon, 28 Oct 2024 19:15:00 +0000

Type Values Removed Values Added
First Time appeared Ubiquiti
Ubiquiti unifi Network Application
Weaknesses CWE-276
CPEs cpe:2.3:a:ubiquiti:unifi_network_application:*:*:*:*:*:*:*:*
Vendors & Products Ubiquiti
Ubiquiti unifi Network Application
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Mon, 28 Oct 2024 16:00:00 +0000

Type Values Removed Values Added
Description A Local privilege escalation vulnerability found in a Self-Hosted UniFi Network Server with UniFi Network Application (Version 8.4.62 and earlier) allows a malicious actor with a local operational system user to execute high privilege actions on UniFi Network Server.
References
Metrics cvssV3_0

{'score': 8.8, 'vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: hackerone

Published: 2024-10-28T15:54:15.384Z

Updated: 2024-10-28T18:53:11.285Z

Reserved: 2024-07-27T01:04:08.014Z

Link: CVE-2024-42028

cve-icon Vulnrichment

Updated: 2024-10-28T18:46:19.500Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-10-28T16:15:03.820

Modified: 2024-10-29T14:34:50.257

Link: CVE-2024-42028

cve-icon Redhat

No data.