SB2024070470 - Multiple vulnerabilities in Ubiquiti Networks products

Description

This security bulletin contains information about 3 vulnerabilities.

1) Improper access control (CVE-ID: CVE-2024-29206)

CWE-ID: CWE-284 - Improper Access Control

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a remote user to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions within the setDebugPortEnabled method. A remote administrator can enable Android Debug Bridge (ADB) and make unsupported changes to the system.

2) Unverified Password Change (CVE-ID: CVE-2024-29208)

CWE-ID: CWE-620 - Unverified Password Change

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a remote user to compromise the target system.

The vulnerability exists due to lack of proper validation of the old password before setting a new password. A remote administrator can change the system password without knowing the previous password.

3) Improper Certificate Validation (CVE-ID: CVE-2024-29207)

CWE-ID: CWE-295 - Improper Certificate Validation

CVSSv4: CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to improper server certificate verification within the EVCLauncher application. A remote attacker on the local network can take control of the system.

Remediation

Install update from vendor's website.

References

• https://community.ui.com/releases/Security-Advisory-bulletin-039-039/44e24007-2c2c-4ac0-bebf-3f19b9b24f09
• https://www.zerodayinitiative.com/advisories/ZDI-24-881/
• https://www.zerodayinitiative.com/advisories/ZDI-24-879/
• https://www.zerodayinitiative.com/advisories/ZDI-24-880/