Vulnerability Description
A Cross-site WebSocket Hijacking (CSWSH) vulnerability found in UniFi OS 2.5 and earlier allows a malicious actor to access certain confidential information by persuading a UniFi OS user to visit a malicious webpage.Affected Products:Cloud Key Gen2Cloud Key Gen2 PlusUNVRUNVR ProfessionalUDMUDM ProfessionalUDM SEUDRMitigation:Update affected products to UniFi OS 3.0.13 or later.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Uni | Unifi Os | < 3.0.13 |
| Uni | Cloud Key Gen2 | - |
| Uni | Cloud Key Gen2 Plus | - |
| Uni | Ubiquiti Networks Unifi Dream Machine | - |
| Uni | Ubiquiti Networks Unifi Dream Machine Professional | - |
| Uni | Ubiquiti Networks Unifi Dream Machine Se | - |
| Uni | Unifi Dream Router | - |
| Uni | Unifi Protect Network Video Recorder | - |
| Uni | Unifi Protect Network Video Recorder Professional | - |
Related Weaknesses (CWE)
References
- https://community.ui.com/releases/Security-Advisory-Bulletin-030-030/f9de9e65-58Vendor Advisory
- https://community.ui.com/releases/Security-Advisory-Bulletin-030-030/f9de9e65-58Vendor Advisory
FAQ
What is CVE-2023-28361?
CVE-2023-28361 is a vulnerability with a CVSS score of 6.5 (MEDIUM). A Cross-site WebSocket Hijacking (CSWSH) vulnerability found in UniFi OS 2.5 and earlier allows a malicious actor to access certain confidential information by persuading a UniFi OS user to visit a ma...
How severe is CVE-2023-28361?
CVE-2023-28361 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-28361?
Check the references section above for vendor advisories and patch information. Affected products include: Uni Unifi Os, Uni Cloud Key Gen2, Uni Cloud Key Gen2 Plus, Uni Ubiquiti Networks Unifi Dream Machine, Uni Ubiquiti Networks Unifi Dream Machine Professional.