Lucene search

[email protected]NVD:CVE-2024-42025

HistorySep 13, 2024 - 4:15 p.m.

CVE-2024-42025

2024-09-1316:15:04

CWE-77

[email protected]

web.nvd.nist.gov

cve-2024-42025

self-hosted unifi

linux

unifi network application

privilege escalation

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

9.6%

JSON

A Command Injection vulnerability found in a Self-Hosted UniFi Network Servers (Linux) with UniFi Network Application (Version 8.3.32 and earlier) allows a malicious actor with unifi user shell access to escalate privileges to root on the host device.

Affected configurations

Nvd

Node

uiunifi_network_applicationRange<8.4.59

VendorProductVersionCPE
uiunifi_network_application*cpe:2.3:a:ui:unifi_network_application:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ui	unifi_network_application	*	cpe:2.3:a:ui:unifi_network_application::::::::

References

community.ui.com/releases/Security-Advisory-Bulletin-042-042/c4f68b56-cdc4-4128-b2cb-5870209d1704

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

9.6%

JSON

Related for NVD:CVE-2024-42025

cvelist1 cve1