PT-2020-20071 · Ubiquiti · Unifi Protect+3

Published

2020-11-05

Updated

2020-11-19

CVE-2020-8267

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions UniFi Protect versions 1.14.10 and earlier UDM-Pro firmware versions 1.7.2 and earlier UNVR firmware versions 1.3.12 and earlier

Description A security issue was found in the UniFi Protect controller API, where the authentication was using x-token improperly, allowing attackers to send authenticated messages without a valid token. This issue does not impact UniFi Cloud Key Gen 2 plus or UDM-Pro customers with UniFi Protect stopped.

Recommendations Update UniFi Protect to version 1.14.11 or newer. Update UNVR firmware to version 1.3.15 or newer. Update UDM-Pro firmware to version 1.8.0 or newer.

Fix

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-287

Related Identifiers

CVE-2020-8267

Affected Products

Udm-Pro

Unvr

Unifi Cloud Key Gen 2

Unifi Protect

PT-2020-20071 · Ubiquiti · Unifi Protect+3

CVE-2020-8267

Weakness Enumeration

Related Identifiers

Affected Products

References · 6