CVE-2023-28361

Published: May 11, 2023

Modified: Jan 27, 2025

PUBLISHED

Description

A Cross-site WebSocket Hijacking (CSWSH) vulnerability found in UniFi OS 2.5 and earlier allows a malicious actor to access certain confidential information by persuading a UniFi OS user to visit a malicious webpage.Affected Products:Cloud Key Gen2Cloud Key Gen2 PlusUNVRUNVR ProfessionalUDMUDM ProfessionalUDM SEUDRMitigation:Update affected products to UniFi OS 3.0.13 or later.

Vendor	Product	Versions
n/a	UniFi OS	affected `Fixed in UniFi OS 3.0.13 or later.`

Weaknesses (CWE)

CWE-352

References

https://community.ui.com/releases/Security-Advisory-Bulletin-030-030/f9de9e65-585f-4c66-81e9-5d8f54ba66dd

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now