PT-2020-16827 · Ubiquiti · Unifi Controller+1

Published

2020-10-27

Updated

2021-07-21

CVE-2020-27888

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Ubiquiti UniFi Meshing Access Point UAP-AC-M version 4.3.21.11325 UniFi Controller version 6.0.28

Description An issue allows cached credentials to remain on an access point after it returns wirelessly from a disconnected state, potentially providing unintended network access.

Recommendations For Ubiquiti UniFi Meshing Access Point UAP-AC-M version 4.3.21.11325, consider resetting the device to clear cached credentials after a wireless reconnection. For UniFi Controller version 6.0.28, restrict access to sensitive areas of the network until a fix is available to prevent potential exploitation of the cached credentials issue.

Fix

Insufficiently Protected Credentials

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-459CWE-522

Related Identifiers

CVE-2020-27888

Affected Products

Uap-Ac-M

Unifi Controller

PT-2020-16827 · Ubiquiti · Unifi Controller+1

CVE-2020-27888

Weakness Enumeration

Related Identifiers

Affected Products

References · 3