← Back

CVE-2023-28361

nvd nist
Published: May 11, 2023Modified: Jun 17, 2026

JSON object

Loading...
6.5
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Exploitability: 2.8 / Impact: 3.6
Source: NVD

Description

A Cross-site WebSocket Hijacking (CSWSH) vulnerability found in UniFi OS 2.5 and earlier allows a malicious actor to access certain confidential information by persuading a UniFi OS user to visit a malicious webpage.Affected Products:Cloud Key Gen2Cloud Key Gen2 PlusUNVRUNVR ProfessionalUDMUDM ProfessionalUDM SEUDRMitigation:Update affected products to UniFi OS 3.0.13 or later.

Affected (1)

Products: Uni: Unifi Os
1 product
Unifi Os
Configuration A
1 vulnerable · 8 platform
Vulnerable SoftwareAffected Versions
Before 3.0.13
Running on/withPlatform Versions
Uni
Cloud Key Gen2
All versions
Uni
Cloud Key Gen2 Plus
All versions
Uni
Ubiquiti Networks Unifi Dream Machine
All versions
Uni
Ubiquiti Networks Unifi Dream Machine Professional
All versions
Uni
Ubiquiti Networks Unifi Dream Machine Se
All versions
Uni
Unifi Dream Router
All versions
Uni
Unifi Protect Network Video Recorder
All versions
Uni
Unifi Protect Network Video Recorder Professional
All versions

Timeline

No history available yet.