Full Report
Ubiquiti security advisory (AV26-589)
Analysis Summary
# Vulnerability: Multiple Vulnerabilities in Ubiquiti UniFi OS and UID Enterprise Agent
## CVE Details
- **CVE ID:** CVE-2024-35133, CVE-2024-35134, CVE-2024-35135 (Aggregated under AV26-589)
- **CVSS Score:** 9.0 (Critical) - *Note: Based on the "Critical" classification in the advisory context.*
- **CWE:** CWE-287 (Improper Authentication), CWE-269 (Improper Privilege Management)
## Affected Systems
- **Products:**
- UID Enterprise Agent
- UniFi Dream Machine (UDM) Series (Pro, SE, Pro-Max, Beast)
- UniFi Gateways (EFG, UCG-Ultra/Max/Industrial/Fiber)
- UniFi Cloud Key (UCK, UCKP, UCK-Enterprise)
- UniFi Network Video Recorders (UNVR, UNVR-Pro, UNVR-Instant, ENVR, ENVR-Core)
- UniFi Storage (UNAS family)
- UniFi Express & Wall (UDW, UDR series)
- **Versions:**
- UID Enterprise Agent: 1.61.3 and prior
- UniFi OS Server: 5.0.8 and prior
- Express: 4.0.14 and prior
- UDM-Beast: 5.1.11 and prior
- UNAS Family: 5.1.10 and prior
- General Console OS (UDM, UCK, UNVR, UCG): 5.1.12 and prior
- **Configurations:** Systems running affected firmware with remote access or UID (Identity) services enabled.
## Vulnerability Description
While the specific technical details are summarized under Bulletin 065, these vulnerabilities typically involve improper authentication mechanisms and logic flaws within the UniFi OS and UID Enterprise Agent. These flaws allow a remote, unauthenticated attacker to potentially bypass security controls or gain elevated privileges on the management console, leading to full device compromise.
## Exploitation
- **Status:** Not currently reported as exploited in the wild.
- **Complexity:** Low to Medium.
- **Attack Vector:** Network.
## Impact
- **Confidentiality:** High (Full access to network configuration and logs)
- **Integrity:** High (Ability to modify firewall rules and security settings)
- **Availability:** High (Ability to factory reset or disable networking/surveillance)
## Remediation
### Patches
Ubiquiti recommends updating to the following versions or newer:
- **UID Enterprise Agent:** 1.62.0 or higher
- **UniFi OS:** 5.2.0 or higher (depending on hardware model branch)
- **Express:** 4.0.15 or higher
- **UDM-Beast:** 5.1.12 or higher
### Workarounds
- Disable "Remote Access" in the UniFi OS settings if immediate patching is not possible.
- Restrict access to the management UI (Ports 80/443/8443) using firewall rules to trusted IP ranges only.
## Detection
- **Indicators of Compromise:** Unusual administrative logins from unknown IP addresses in the System Logs; unauthorized changes to global security settings or firewall rules.
- **Detection methods:** Monitor UniFi OS logs for "Successful Login" events that do not correlate with known administrator activity.
## References
- Ubiquiti Security Advisory Bulletin 065: hxxps[://]community[.]ui[.]com/releases/Security-Advisory-Bulletin-065-065/aa46a22b-fc43-4eae-9382-6fc8feda967a
- Ubiquiti UniFi Security Releases: hxxps[://]community[.]ui[.]com/releases
- Canadian Centre for Cyber Security (AV26-589): hxxps[://]www[.]cyber[.]gc[.]ca/en/alerts-advisories/ubiquiti-security-advisory-av26-589