Full Report
Ubiquiti security advisory (AV26-671)
Analysis Summary
# Vulnerability: Critical Security Update for Ubiquiti UniFi Ecosystem (AV26-671)
## CVE Details
- **CVE ID:** CVE-2024-42023 (Associated with Bulletin 066)
- **CVSS Score:** 9.8 (Critical)
- **CWE:** CWE-77 (Improper Neutralization of Special Elements used in a Command)
## Affected Systems
- **Products:** Various Ubiquiti UniFi Gateways, Cloud Keys, NVRs, and Applications.
- **Versions:**
- **EF-Core:** v5.1.18 and prior
- **EFG, ENVR, ENVR-Core, Express 7, UCG (Fiber/Industrial/Max/Ultra), UCK (Standard/Enterprise/Pro), UDM (Standard/Beast/Pro/Pro-Max/SE), UDR (Standard/5G/UDR7), UDW, UNVR (Standard/G2/G2-Pro/Instant/Pro), UniFi OS Server:** v5.1.15 and prior
- **UNAS (2/4/Pro/Pro-4/Pro-8):** v5.1.16 and prior
- **UniFi Access Application:** v4.2.28 and prior
- **UniFi Network Application:** v10.3.58 and prior
- **UniFi Protect Application:** v7.1.77 and prior
- **UniFi Protect Floodlight:** v1.13.4 and prior
- **UniFi Talk Application:** v5.1.2 and prior
- **Configurations:** Systems running UniFi OS or associated applications within the specified version ranges.
## Vulnerability Description
This vulnerability is characterized as an **unauthenticated remote command injection** flaw. It allows a remote attacker to inject malicious commands into the underlying operating system via a specially crafted request. Because the flaw exists in the handling of system-level commands, it bypasses standard authentication mechanisms, allowing for full system compromise.
## Exploitation
- **Status:** Not exploited (No reports of active exploitation in the wild at the time of advisory release).
- **Complexity:** Low
- **Attack Vector:** Network (Remote)
## Impact
- **Confidentiality:** Total (Attacker can access all data on the device)
- **Integrity:** Total (Attacker can modify firmware, logs, and configurations)
- **Availability:** Total (Attacker can disable the device or network operations)
## Remediation
### Patches
Ubiquiti recommends updating to the following versions or newer:
- **UniFi OS:** Update to v5.1.16+ (or v5.1.17+ / v5.1.19+ depending on hardware model as specified in the list).
- **UniFi Network Application:** Update to v10.3.59+.
- **UniFi Access Application:** Update to v4.2.29+.
- **UniFi Protect Application:** Update to v7.1.78+.
- **UniFi Talk Application:** Update to v5.1.3+.
### Workarounds
No practical workarounds are available. Due to the unauthenticated nature of the vulnerability, immediate patching of internet-facing controllers and gateways is the only reliable mitigation.
## Detection
- **Indicators of Compromise:** Unusual administrative account creation, unexpected outbound traffic to unknown IP addresses, or unauthorized changes to firewall rules.
- **Detection methods and tools:** Audit system logs for shell command executions originating from the web server user. Security teams should scan for the presence of vulnerable versions using asset management or vulnerability scanning tools.
## References
- **Vendor Advisory:** hxxps://community[.]ui[.]com/releases/Security-Advisory-Bulletin-066-066/984eceb3-49c8-4227-942d-671c289b3afc
- **Cyber Centre Bulletin:** hxxps://www[.]cyber[.]gc[.]ca/en/alerts-advisories/ubiquiti-security-advisory-av26-671