Total
5 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-22957 | 1 Ui | 1 Unifi Protect | 2022-08-30 | 6.8 MEDIUM | 8.8 HIGH |
A Cross-Origin Resource Sharing (CORS) vulnerability found in UniFi Protect application Version 1.19.2 and earlier allows a malicious actor who has convinced a privileged user to access a URL with malicious code to take over said user’s account.This vulnerability is fixed in UniFi Protect application Version 1.20.0 and later. | |||||
CVE-2021-22944 | 1 Ui | 1 Unifi Protect | 2022-07-12 | 7.7 HIGH | 8.0 HIGH |
A vulnerability found in UniFi Protect application V1.18.1 and earlier allows a malicious actor with a view-only role and network access to gain the same privileges as the owner of the UniFi Protect application. This vulnerability is fixed in UniFi Protect application V1.19.0 and later. | |||||
CVE-2021-22943 | 1 Ui | 1 Unifi Protect | 2021-09-08 | 8.3 HIGH | 9.6 CRITICAL |
A vulnerability found in UniFi Protect application V1.18.1 and earlier permits a malicious actor who has already gained access to a network to subsequently control the Protect camera(s) assigned to said network. This vulnerability is fixed in UniFi Protect application V1.19.0 and later. | |||||
CVE-2020-8213 | 1 Ui | 1 Unifi Protect | 2020-08-05 | 5.0 MEDIUM | 5.3 MEDIUM |
An information exposure vulnerability exists in UniFi Protect before v1.13.4-beta.5 that allowed unauthenticated attackers access to valid usernames for the UniFi Protect web application via HTTP response code and response timing. | |||||
CVE-2020-8188 | 1 Ui | 4 Unifi Cloud Key Plus, Unifi Dream Machine Pro, Unifi Protect and 1 more | 2020-07-09 | 6.5 MEDIUM | 8.8 HIGH |
We have recently released new version of UniFi Protect firmware v1.13.3 and v1.14.10 for Unifi Cloud Key Gen2 Plus and UniFi Dream Machine Pro/UNVR respectively that fixes vulnerabilities found on Protect firmware v1.13.2, v1.14.9 and prior according to the description below:View only users can run certain custom commands which allows them to assign themselves unauthorized roles and escalate their privileges. |