PT-2024-31483 · Ubiquiti · Unifi Ios App

Published

2024-12-04

Updated

2024-12-04

CVE-2024-45205

CVSS v3.1

7.1

High

Vector

AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions UniFi iOS App versions 10.17.7 and earlier

Description An improper certificate validation in the UniFi iOS App managing a standalone UniFi Access Point could allow a malicious actor with access to an adjacent network to take control of this UniFi Access Point.

Recommendations For UniFi iOS App versions 10.17.7 and earlier, update to version 10.18.0 or later to mitigate the issue.

Fix

Improper Certificate Validation

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-295

Related Identifiers

CVE-2024-45205

Affected Products

Unifi Ios App

PT-2024-31483 · Ubiquiti · Unifi Ios App

CVE-2024-45205

Weakness Enumeration

Related Identifiers

Affected Products

References · 5