CVE-2024-45205

An Improper Certificate Validation on the UniFi iOS App managing a standalone UniFi Access Point (not using UniFi Network Application) could allow a malicious actor with access to an adjacent network to take control of this UniFi Access Point. Affected Products: UniFi iOS App (Version 10.17.7 and earlier) Mitigation: UniFi iOS App (Version 10.18.0 or later).

CVSS v3 7.1 HIGH

7.1^/10

CVSS v3 : HIGH

V3 Legend

Vector : AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability : 1.2 / Impact : 5.9

Attack Vector ADJACENT_NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://community.ui.com/releases/UniFi-iOS-10-18-0/42f02428-544c-4626-b5b3-5ae40308edc7

Configurations

No configuration.

History

04 Dec 2024, 17:15

Type	Values Removed	Values Added
Summary		(es) Una validación de certificado incorrecta en la aplicación UniFi iOS que administra un punto de acceso UniFi independiente (sin usar la aplicación de red UniFi) podría permitir que un actor malintencionado con acceso a una red adyacente tome el control de este punto de acceso UniFi. Productos afectados: aplicación UniFi iOS (versión 10.17.7 y anteriores) Mitigación: aplicación UniFi iOS (versión 10.18.0 o posterior).
CWE		CWE-295

04 Dec 2024, 02:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-12-04 02:15

Updated : 2024-12-04 17:15

NVD link : CVE-2024-45205

Mitre link : CVE-2024-45205

CVE.ORG link : CVE-2024-45205

JSON object : View

Products Affected

No product.

CWE

CWE-295

Improper Certificate Validation

7.1 /10