PT-2021-15297 · Ubiquiti · Unifi Protect
Published
2021-11-24
·
Updated
2022-08-30
·
CVE-2021-22957
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
UniFi Protect versions 1.19.2 and earlier
Description
A Cross-Origin Resource Sharing (CORS) issue allows a malicious actor who has convinced a privileged user to access a URL with malicious code to take over the user's account.
Recommendations
For UniFi Protect versions 1.19.2 and earlier, update to UniFi Protect application Version 1.20.0 or later to resolve the issue.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Unifi Protect