CVE-2023-31997 - Vulnerability Details - OpenCVE

UniFi OS 3.1 introduces a misconfiguration on consoles running UniFi Network that allows users on a local network to access MongoDB. Applicable Cloud Keys that are both (1) running UniFi OS 3.1 and (2) hosting the UniFi Network application. "Applicable Cloud Keys" include the following: Cloud Key Gen2 and Cloud Key Gen2 Plus.

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Ubiquiti	Unifi Os
Ui	Cloud Key Gen2 Cloud Key Gen2 Plus Unifi Os

Configuration 1 [-]

AND

cpe:2.3:o:ui:unifi_os:3.1:*:*:*:*:*:*:*

OR	cpe:2.3:h:ui:cloud_key_gen2:-:::::::*
	cpe:2.3:h:ui:cloud_key_gen2_plus:-:::::::*

No data.

References

Link	Providers
https://community.ui.com/releases/Security-Advisory-Bulletin-032-032/e57301f4-4f5e-4d9f-90bc-71f1923ed7a4

History

Tue, 26 Nov 2024 19:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Ubiquiti Ubiquiti unifi Os
Weaknesses		CWE-863
CPEs		cpe:2.3:a:ubiquiti:unifi_os::::::::
Vendors & Products		Ubiquiti Ubiquiti unifi Os
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: hackerone

Published: 2023-06-30T23:39:29.425Z

Updated: 2024-11-26T19:07:26.989Z

Reserved: 2023-05-01T01:00:12.219Z

Link: CVE-2023-31997

Vulnrichment

Updated: 2024-08-02T15:03:28.530Z

NVD

Status : Modified

Published: 2023-07-01T00:15:10.337

Modified: 2024-11-26T19:15:20.320

Link: CVE-2023-31997

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-31997", "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "state": "PUBLISHED", "assignerShortName": "hackerone", "dateReserved": "2023-05-01T01:00:12.219Z", "datePublished": "2023-06-30T23:39:29.425Z", "dateUpdated": "2024-11-26T19:07:26.989Z"}, "containers": {"cna": {"descriptions": [{"lang": "en", "value": "UniFi OS 3.1 introduces a misconfiguration on consoles running UniFi Network that allows users on a local network to access MongoDB. Applicable Cloud Keys that are both (1) running UniFi OS 3.1 and (2) hosting the UniFi Network application. \"Applicable Cloud Keys\" include the following: Cloud Key Gen2 and Cloud Key Gen2 Plus.\r\n\r\n"}], "affected": [{"defaultStatus": "unaffected", "vendor": "Ubiquiti Inc.", "product": "UniFi OS", "versions": [{"version": "3.1.13", "status": "affected", "lessThanOrEqual": "3.1.13", "versionType": "semver"}]}], "references": [{"url": "https://community.ui.com/releases/Security-Advisory-Bulletin-032-032/e57301f4-4f5e-4d9f-90bc-71f1923ed7a4"}], "providerMetadata": {"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone", "dateUpdated": "2023-06-30T23:39:29.425Z"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T15:03:28.530Z"}, "title": "CVE Program Container", "references": [{"url": "https://community.ui.com/releases/Security-Advisory-Bulletin-032-032/e57301f4-4f5e-4d9f-90bc-71f1923ed7a4", "tags": ["x_transferred"]}]}, {"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-863", "lang": "en", "description": "CWE-863 Incorrect Authorization"}]}], "affected": [{"vendor": "ubiquiti", "product": "unifi_os", "cpes": ["cpe:2.3:a:ubiquiti:unifi_os:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "3.1", "status": "affected", "lessThanOrEqual": "3.1.13", "versionType": "semver"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-11-26T19:03:26.624874Z", "id": "CVE-2023-31997", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-26T19:07:26.989Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://community.ui.com/releases/Security-Advisory-Bulletin-032-032/e57301f4-4f5e-4d9f-90bc-71f1923ed7a4", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T15:03:28.530Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-31997", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-11-26T19:03:26.624874Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:ubiquiti:unifi_os:*:*:*:*:*:*:*:*"], "vendor": "ubiquiti", "product": "unifi_os", "versions": [{"status": "affected", "version": "3.1", "versionType": "semver", "lessThanOrEqual": "3.1.13"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-863", "description": "CWE-863 Incorrect Authorization"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-26T19:04:28.497Z"}}], "cna": {"affected": [{"vendor": "Ubiquiti Inc.", "product": "UniFi OS", "versions": [{"status": "affected", "version": "3.1.13", "versionType": "semver", "lessThanOrEqual": "3.1.13"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://community.ui.com/releases/Security-Advisory-Bulletin-032-032/e57301f4-4f5e-4d9f-90bc-71f1923ed7a4"}], "descriptions": [{"lang": "en", "value": "UniFi OS 3.1 introduces a misconfiguration on consoles running UniFi Network that allows users on a local network to access MongoDB. Applicable Cloud Keys that are both (1) running UniFi OS 3.1 and (2) hosting the UniFi Network application. \"Applicable Cloud Keys\" include the following: Cloud Key Gen2 and Cloud Key Gen2 Plus.\r\n\r\n"}], "providerMetadata": {"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone", "dateUpdated": "2023-06-30T23:39:29.425Z"}}}, "cveMetadata": {"cveId": "CVE-2023-31997", "state": "PUBLISHED", "dateUpdated": "2024-11-26T19:07:26.989Z", "dateReserved": "2023-05-01T01:00:12.219Z", "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "datePublished": "2023-06-30T23:39:29.425Z", "assignerShortName": "hackerone"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ui:unifi_os:3.1:*:*:*:*:*:*:*", "matchCriteriaId": "FE09B39C-8ACF-46FA-895D-69ABFD495D0B", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ui:cloud_key_gen2:-:*:*:*:*:*:*:*", "matchCriteriaId": "C852E1BD-DCDD-4326-B142-20E0CE6F2B8F", "vulnerable": false}, {"criteria": "cpe:2.3:h:ui:cloud_key_gen2_plus:-:*:*:*:*:*:*:*", "matchCriteriaId": "9D8F990C-8B8C-4A7A-AC50-114DF4C7280D", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "UniFi OS 3.1 introduces a misconfiguration on consoles running UniFi Network that allows users on a local network to access MongoDB. Applicable Cloud Keys that are both (1) running UniFi OS 3.1 and (2) hosting the UniFi Network application. \"Applicable Cloud Keys\" include the following: Cloud Key Gen2 and Cloud Key Gen2 Plus.\r\n\r\n"}], "id": "CVE-2023-31997", "lastModified": "2024-11-26T19:15:20.320", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-07-01T00:15:10.337", "references": [{"source": "support@hackerone.com", "tags": ["Issue Tracking"], "url": "https://community.ui.com/releases/Security-Advisory-Bulletin-032-032/e57301f4-4f5e-4d9f-90bc-71f1923ed7a4"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking"], "url": "https://community.ui.com/releases/Security-Advisory-Bulletin-032-032/e57301f4-4f5e-4d9f-90bc-71f1923ed7a4"}], "sourceIdentifier": "support@hackerone.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-863"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}