CVE-2024-45205

An Improper Certificate Validation on the UniFi iOS App managing a standalone UniFi Access Point (not using UniFi Network Application) could allow a malicious actor with access to an adjacent network to take control of this UniFi Access Point. Affected Products: UniFi iOS App (Version 10.17.7 and earlier) Mitigation: UniFi iOS App (Version 10.18.0 or later).

CVSS v3 7.1 HIGH

7.1^/10

CVSS v3 : HIGH

V3 Legend

Vector : AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability : 1.2 / Impact : 5.9

Attack Vector ADJACENT_NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://community.ui.com/releases/UniFi-iOS-10-18-0/42f02428-544c-4626-b5b3-5ae40308edc7

Configurations

No configuration.

History

No history.

Information

Published : 2024-12-04 02:15

Updated : 2024-12-04 17:15

NVD link : CVE-2024-45205

Mitre link : CVE-2024-45205

CVE.ORG link : CVE-2024-45205

JSON object : View

Products Affected

No product.

CWE

CWE-295

Improper Certificate Validation

7.1 /10