An Improper Certificate Validation on the UniFi iOS App managing a standalone UniFi Access Point (not using UniFi Network Application) could allow a malicious actor with access to an adjacent network to take control of this UniFi Access Point. Affected Products: UniFi iOS App (Version 10.17.7 and earlier) Mitigation: UniFi iOS App (Version 10.18.0 or later).
History

Wed, 04 Dec 2024 17:15:00 +0000

Type Values Removed Values Added
First Time appeared Ui
Ui unifi
Weaknesses CWE-295
CPEs cpe:2.3:a:ui:unifi:*:*:*:*:*:ios:*:*
Vendors & Products Ui
Ui unifi
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 04 Dec 2024 01:45:00 +0000

Type Values Removed Values Added
Description An Improper Certificate Validation on the UniFi iOS App managing a standalone UniFi Access Point (not using UniFi Network Application) could allow a malicious actor with access to an adjacent network to take control of this UniFi Access Point. Affected Products: UniFi iOS App (Version 10.17.7 and earlier) Mitigation: UniFi iOS App (Version 10.18.0 or later).
References
Metrics cvssV3_0

{'score': 7.1, 'vector': 'CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: hackerone

Published: 2024-12-04T01:06:04.643Z

Updated: 2024-12-04T16:29:27.075Z

Reserved: 2024-08-23T01:00:01.061Z

Link: CVE-2024-45205

cve-icon Vulnrichment

Updated: 2024-12-04T16:29:19.186Z

cve-icon NVD

Status : Received

Published: 2024-12-04T02:15:05.323

Modified: 2024-12-04T17:15:14.330

Link: CVE-2024-45205

cve-icon Redhat

No data.