CVE-2023-28365

Published: Jul 1, 2023Modified: Dec 12, 2024

9.1

Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Exploitability: 2.3 / Impact: 6.0

Source: NVD

Description

A backup file vulnerability found in UniFi applications (Version 7.3.83 and earlier) running on Linux operating systems allows application administrators to execute malicious commands on the host device being restored.

Affected (1)

Products: Ui: Unifi Network Application

1 product

Unifi Network Application

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ui Unifi Network Application	Before 7.4.156

Running on/with	Platform Versions
Linux Linux Kernel	All versions

Related CWEs

CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

References (2)

https://community.ui.com/releases/Security-Advisory-Bulletin-031-031/8c85fc64-e9a8-4082-9ec4-56b14effd545

Source: support@hackerone.com

Issue TrackingVendor Advisory

https://community.ui.com/releases/Security-Advisory-Bulletin-031-031/8c85fc64-e9a8-4082-9ec4-56b14effd545

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingVendor Advisory

Timeline

No history available yet.