CVE-2023-31997
First published: Fri Jun 30 2023(Updated: )
UniFi OS 3.1 introduces a misconfiguration on consoles running UniFi Network that allows users on a local network to access MongoDB. Applicable Cloud Keys that are both (1) running UniFi OS 3.1 and (2) hosting the UniFi Network application. "Applicable Cloud Keys" include the following: Cloud Key Gen2 and Cloud Key Gen2 Plus.
Credit: support@hackerone.com support@hackerone.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Ui Unifi Os | =3.1 | |
| Ui Cloud Key Gen2 | ||
| Ui Cloud Key Gen2 Plus | ||
| All of | ||
| Ui Unifi Os | =3.1 | |
| Any of | ||
| Ui Cloud Key Gen2 | ||
| Ui Cloud Key Gen2 Plus |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this security issue?
The vulnerability ID for this security issue is CVE-2023-31997.
What is the severity of CVE-2023-31997?
CVE-2023-31997 has a severity level of critical with a value of 9.
Which version of UniFi OS is affected by CVE-2023-31997?
UniFi OS version 3.1 is affected by CVE-2023-31997.
How can a user on a local network access MongoDB through this vulnerability?
UniFi OS 3.1 introduces a misconfiguration that allows users on a local network to access MongoDB.
Are all Cloud Keys vulnerable to CVE-2023-31997?
No, only Applicable Cloud Keys that are running UniFi OS 3.1 and hosting the UniFi Network application are vulnerable.
- collector/nvd-index
- agent/type
- agent/references
- agent/severity
- agent/description
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/author
- agent/weakness
- agent/softwarecombine
- agent/event
- agent/tags
- vendor/ui
- canonical/ui unifi os
- version/ui unifi os/3.1
- canonical/ui cloud key gen2
- canonical/ui cloud key gen2 plus