Lucene search

[email protected]CVE-2023-24104

HistoryFeb 23, 2023 - 4:15 p.m.

CVE-2023-24104

2023-02-2316:15:11

[email protected]

web.nvd.nist.gov

ubiquiti

unifi

dream machine pro

v7.2.95

cve-2023-24104

bypass

domain restrictions

crafted packets

vulnerability

nvd

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.3 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

53.0%

JSON

Ubiquiti Networks UniFi Dream Machine Pro v7.2.95 allows attackers to bypass domain restrictions via crafted packets.

Affected configurations

NVD

Node

uiunifi_dream_machine_proMatch-

AND

uiunifi_dream_machine_pro_firmwareMatch7.2.95

CPENameOperatorVersion
ui:unifi_dream_machine_pro_firmwareui unifi dream machine pro firmwareeq7.2.95

CPE	Name	Operator	Version
ui:unifi_dream_machine_pro_firmware	ui unifi dream machine pro firmware	eq	7.2.95

References

attack.mitre.org/techniques/T1090/004/

github.com/f1veT/BUG/issues/1

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.3 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

53.0%

JSON

Related for CVE-2023-24104

cvelist1 prion1 nvd1