Vulnerabilities > UI > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-10-25 | CVE-2023-41721 | Unspecified vulnerability in UI Unifi Network Application Instances of UniFi Network Application that (i) are run on a UniFi Gateway Console, and (ii) are versions 7.5.176. | 5.3 |
| 2023-07-08 | CVE-2023-32000 | Cross-site Scripting vulnerability in UI Unifi Network Application A Cross-Site Scripting (XSS) vulnerability found in UniFi Network (Version 7.3.83 and earlier) allows a malicious actor with Site Administrator credentials to escalate privileges by persuading an Administrator to visit a malicious web page. | 4.8 |
| 2023-04-19 | CVE-2023-28123 | Incorrect Permission Assignment for Critical Resource vulnerability in UI Desktop 0.55.1.2/0.55.3.17/0.59.1.71 A permission misconfiguration in UI Desktop for Windows (Version 0.59.1.71 and earlier) could allow an user to hijack VPN credentials while UID VPN is starting.This vulnerability is fixed in Version 0.62.3 and later. | 5.5 |
| 2023-04-19 | CVE-2023-28124 | Inadequate Encryption Strength vulnerability in UI Desktop 0.55.1.2/0.55.3.17/0.59.1.71 Improper usage of symmetric encryption in UI Desktop for Windows (Version 0.59.1.71 and earlier) could allow users with access to UI Desktop configuration files to decrypt their content.This vulnerability is fixed in Version 0.62.3 and later. | 5.5 |
| 2023-02-02 | CVE-2023-23119 | Improper Validation of Integrity Check Value vulnerability in UI Af-2X Firmware The use of the cyclic redundancy check (CRC) algorithm for integrity check during firmware update makes Ubiquiti airFiber AF2X Radio firmware version 3.2.2 and earlier vulnerable to firmware modification attacks. | 5.9 |
| 2022-12-23 | CVE-2022-44565 | Unspecified vulnerability in UI products An improper access validation vulnerability exists in airMAX AC <8.7.11, airFiber 60/LR <2.6.2, airFiber 60 XG/HD <v1.0.0 and airFiber GBE <1.4.1 that allows a malicious actor to retrieve status and usage data from the UISP device. | 5.3 |
| 2021-12-07 | CVE-2021-44527 | Resource Exhaustion vulnerability in UI Unifi Switch Firmware A vulnerability found in UniFi Switch firmware Version 5.43.35 and earlier allows a malicious actor who has already gained access to the network to perform a Deny of Service (DoS) attack on the affected switch.This vulnerability is fixed in UniFi Switch firmware 5.76.6 and later. | 6.5 |
| 2020-11-05 | CVE-2020-8267 | Improper Authentication vulnerability in UI Unifi Protect Firmware A security issue was found in UniFi Protect controller v1.14.10 and earlier.The authentication in the UniFi Protect controller API was using “x-token” improperly, allowing attackers to use the API to send authenticated messages without a valid token.This vulnerability was fixed in UniFi Protect v1.14.11 and newer.This issue does not impact UniFi Cloud Key Gen 2 plus.This issue does not impact UDM-Pro customers with UniFi Protect stopped.Affected Products:UDM-Pro firmware 1.7.2 and earlier.UNVR firmware 1.3.12 and earlier.Mitigation:Update UniFi Protect to v1.14.11 or newer version; the UniFi Protect controller can be updated through your UniFi OS settings.Alternatively, you can update UNVR and UDM-Pro to:- UNVR firmware to 1.3.15 or newer.- UDM-Pro firmware to 1.8.0 or newer. | 5.3 |
| 2020-08-17 | CVE-2020-8232 | Information Exposure vulnerability in UI Edgeswitch Firmware 1.7.1 An information disclosure vulnerability exists in EdgeMax EdgeSwitch firmware v1.9.0 that allowed read only users could obtain unauthorized information through SNMP community pages. | 6.5 |
| 2020-07-30 | CVE-2020-8213 | Information Exposure Through an Error Message vulnerability in UI Unifi Protect 1.13.3 An information exposure vulnerability exists in UniFi Protect before v1.13.4-beta.5 that allowed unauthenticated attackers access to valid usernames for the UniFi Protect web application via HTTP response code and response timing. | 5.3 |