CVE-2024-29207

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector : AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability : 1.6 / Impact : 5.9

Attack Vector ADJACENT_NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

A

n Improper Certificate Validation could allow a malicious actor with access to an adjacent network to take control of the system. Affected Products: UniFi Connect Application (Version 3.7.9 and earlier) UniFi Connect EV Station (Version 1.1.18 and earlier) UniFi Connect EV Station Pro (Version 1.1.18 and earlier) UniFi Connect Display (Version 1.9.324 and earlier) UniFi Connect Display Cast (Version 1.6.225 and earlier) Mitigation: Update UniFi Connect Application to Version 3.10.7 or later. Update UniFi Connect EV Station to Version 1.2.15 or later. Update UniFi Connect EV Station Pro to Version 1.2.15 or later. Update UniFi Connect Display to Version 1.11.348 or later. Update UniFi Connect Display Cast to Version 1.8.255 or later.

References

Link	Resource
https://community.ui.com/releases/Security-Advisory-bulletin-039-039/44e24007-2c2c-4ac0-bebf-3f19b9b24f09
https://community.ui.com/releases/Security-Advisory-bulletin-039-039/44e24007-2c2c-4ac0-bebf-3f19b9b24f09

Configurations

No configuration.

History

21 Nov 2024, 09:07

Type	Values Removed	Values Added
References	~~() https://community.ui.com/releases/Security-Advisory-bulletin-039-039/44e24007-2c2c-4ac0-bebf-3f19b9b24f09 -~~	() https://community.ui.com/releases/Security-Advisory-bulletin-039-039/44e24007-2c2c-4ac0-bebf-3f19b9b24f09 -

03 Jul 2024, 01:52

Type	Values Removed	Values Added
CWE		CWE-284

07 May 2024, 20:07

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-05-07 17:15

Updated : 2024-11-21 09:07

NVD link : CVE-2024-29207

Mitre link : CVE-2024-29207

CVE.ORG link : CVE-2024-29207

JSON object : View

Products Affected

No product.

CWE

CWE-284

Improper Access Control

{"id": "CVE-2024-29207", "metrics": {"cvssMetricV30": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.5, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.6}]}, "published": "2024-05-07T17:15:08.183", "references": [{"url": "https://community.ui.com/releases/Security-Advisory-bulletin-039-039/44e24007-2c2c-4ac0-bebf-3f19b9b24f09", "source": "[email protected]"}, {"url": "https://community.ui.com/releases/Security-Advisory-bulletin-039-039/44e24007-2c2c-4ac0-bebf-3f19b9b24f09", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-284"}]}], "descriptions": [{"lang": "en", "value": "An Improper Certificate Validation could allow a malicious actor with access to an adjacent network to take control of the system. \n\n \n\nAffected Products:\n\nUniFi Connect Application (Version 3.7.9 and earlier) \n\nUniFi Connect EV Station (Version 1.1.18 and earlier) \n\nUniFi Connect EV Station Pro (Version 1.1.18 and earlier)\n\nUniFi Connect Display (Version 1.9.324 and earlier)\n\nUniFi Connect Display Cast (Version 1.6.225 and earlier)\n\n \n\nMitigation:\n\nUpdate UniFi Connect Application to Version 3.10.7 or later.\n\nUpdate UniFi Connect EV Station to Version 1.2.15 or later.\n\nUpdate UniFi Connect EV Station Pro to Version 1.2.15 or later.\n\nUpdate UniFi Connect Display to Version 1.11.348 or later.\n\nUpdate UniFi Connect Display Cast to Version 1.8.255 or later.\n\n"}, {"lang": "es", "value": "Una validaci\u00f3n de certificado incorrecta podr\u00eda permitir que un actor malintencionado con acceso a una red adyacente tome el control del sistema. Productos afectados: Aplicaci\u00f3n UniFi Connect (Versi\u00f3n 3.7.9 y anteriores) UniFi Connect EV Station (Versi\u00f3n 1.1.18 y anteriores) UniFi Connect EV Station Pro (Versi\u00f3n 1.1.18 y anteriores) UniFi Connect Display (Versi\u00f3n 1.9.324 y anteriores) UniFi Connect Display Cast (versi\u00f3n 1.6.225 y anteriores) Mitigaci\u00f3n: actualice la aplicaci\u00f3n UniFi Connect a la versi\u00f3n 3.10.7 o posterior. Actualice UniFi Connect EV Station a la versi\u00f3n 1.2.15 o posterior. Actualice UniFi Connect EV Station Pro a la versi\u00f3n 1.2.15 o posterior. Actualice UniFi Connect Display a la versi\u00f3n 1.11.348 o posterior. Actualice UniFi Connect Display Cast a la versi\u00f3n 1.8.255 o posterior."}], "lastModified": "2024-11-21T09:07:49.203", "sourceIdentifier": "[email protected]"}