An Improper Certificate Validation on the UniFi iOS App managing a standalone UniFi Access Point (not using UniFi Network Application) could allow a malicious actor with access to an adjacent network to take control of this UniFi Access Point.
Affected Products:
UniFi iOS App (Version 10.17.7 and earlier)
Mitigation:
UniFi iOS App (Version 10.18.0 or later).
Metrics
Affected Vendors & Products
References
History
Wed, 04 Dec 2024 17:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Ui
Ui unifi |
|
Weaknesses | CWE-295 | |
CPEs | cpe:2.3:a:ui:unifi:*:*:*:*:*:ios:*:* | |
Vendors & Products |
Ui
Ui unifi |
|
Metrics |
ssvc
|
Wed, 04 Dec 2024 01:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | An Improper Certificate Validation on the UniFi iOS App managing a standalone UniFi Access Point (not using UniFi Network Application) could allow a malicious actor with access to an adjacent network to take control of this UniFi Access Point. Affected Products: UniFi iOS App (Version 10.17.7 and earlier) Mitigation: UniFi iOS App (Version 10.18.0 or later). | |
References |
| |
Metrics |
cvssV3_0
|
MITRE
Status: PUBLISHED
Assigner: hackerone
Published: 2024-12-04T01:06:04.643Z
Updated: 2024-12-04T16:29:27.075Z
Reserved: 2024-08-23T01:00:01.061Z
Link: CVE-2024-45205
Vulnrichment
Updated: 2024-12-04T16:29:19.186Z
NVD
Status : Received
Published: 2024-12-04T02:15:05.323
Modified: 2024-12-04T17:15:14.330
Link: CVE-2024-45205
Redhat
No data.