CVE-2023-28365 — CRITICAL (9.1)

Q: How severe is CVE-2023-28365?

CVE-2023-28365 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2023-28365?

Check the references section above for vendor advisories and patch information. Affected products include: Ui Unifi Network Application, Linux Linux Kernel.

Vulnerability Description

A backup file vulnerability found in UniFi applications (Version 7.3.83 and earlier) running on Linux operating systems allows application administrators to execute malicious commands on the host device being restored.

CVSS Score

9.1

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Ui	Unifi Network Application	< 7.4.156
Linux	Linux Kernel	-

Related Weaknesses (CWE)

CWE-77

References

https://community.ui.com/releases/Security-Advisory-Bulletin-031-031/8c85fc64-e9Issue TrackingVendor Advisory
https://community.ui.com/releases/Security-Advisory-Bulletin-031-031/8c85fc64-e9Issue TrackingVendor Advisory

FAQ

What is CVE-2023-28365?

CVE-2023-28365 is a vulnerability with a CVSS score of 9.1 (CRITICAL). A backup file vulnerability found in UniFi applications (Version 7.3.83 and earlier) running on Linux operating systems allows application administrators to execute malicious commands on the host devi...

How severe is CVE-2023-28365?

CVE-2023-28365 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2023-28365?

Check the references section above for vendor advisories and patch information. Affected products include: Ui Unifi Network Application, Linux Linux Kernel.