Ubiquiti Unifi Network Server: High-risk leak enables privilege escalation

A high-risk vulnerability in Ubiquiti's self-hosted Unifi Network Server lets an attacker with a local account escalate privileges.


(Image: created with AI in Bing Designer by heise online / dmk)


Ubiquiti warns of a security vulnerability in the company's self-hosted Unifi Network Server. The hole allows attackers to escalate their privileges on the server, and the manufacturer rates it as high risk.

Under the Unifi brand, Ubiquiti sells routers, switches, Wi-Fi access points, surveillance cameras and "smart" doorbells. These devices are managed through an admin interface that is hosted either in Ubiquiti's cloud or on a Unifi Network Server run on-premises.

Without giving further details, Ubiquiti describes the flaw as follows: a local privilege escalation vulnerability in self-hosted Unifi Network Servers (version 8.4.62 and older) allows malicious actors with a local operating system user account to perform high-privilege actions on the Unifi Network Server (CVE-2024-42028, CVSS 8.8, risk "high"). A score that high suggests exploitation requires little effort, although Ubiquiti has published no technical details. The advisory also does not say how admins can recognize a successful exploit.


The vulnerability falls just short of the highest risk level, "critical". IT managers running self-hosted Unifi Network Servers should therefore download and install the available update without delay: the underlying errors are corrected in Unifi Network Application version 8.5.6 or newer. Until the update is applied, the attack precondition is a local operating system account on the host, so the set of users who can log in to that server is the exposure to manage.
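A quick way to triage a fleet is to compare the installed Unifi Network Application version against the fixed release. The POSIX shell script below is an added example, not code from heise or Ubiquiti. It assumes a Debian/Ubuntu installation where the application ships as the apt package `unifi` (the file name `unifi-check.sh` and the decision to treat every version below 8.5.6 as unpatched are assumptions; the article only states that 8.4.62 and older are affected and 8.5.6 fixes the bug).

```shell
#!/bin/sh
# Added example (not from the heise article or from Ubiquiti): report whether
# an installed UniFi Network Application is at or above the fixed release.
# Assumption: Debian/Ubuntu host, package name "unifi"; versions below
# 8.5.6 are conservatively reported as vulnerable.

FIXED_VERSION="8.5.6"

# version_key VERSION -> numeric key for comparison. Debian revision
# suffixes such as "-11034" are stripped; "8.4.62" becomes 8004062.
version_key() {
    v=${1%%-*}
    old_ifs=$IFS
    IFS=.
    set -- $v
    IFS=$old_ifs
    echo $(( ${1:-0} * 1000000 + ${2:-0} * 1000 + ${3:-0} ))
}

# version_ge A B -> exit 0 if version A is greater than or equal to B.
version_ge() {
    [ "$(version_key "$1")" -ge "$(version_key "$2")" ]
}

# unifi_status VERSION -> prints "fixed" (exit 0) or "vulnerable" (exit 1).
unifi_status() {
    if version_ge "$1" "$FIXED_VERSION"; then
        echo "fixed"
        return 0
    fi
    echo "vulnerable"
    return 1
}

# Query the installed package version (assumed package name "unifi").
installed_unifi_version() {
    dpkg-query -W -f='${Version}' unifi 2>/dev/null
}

# main [VERSION]: check the given version, or the installed package if omitted.
main() {
    ver=${1:-$(installed_unifi_version)}
    if [ -z "$ver" ]; then
        echo "could not determine UniFi Network Application version" >&2
        return 2
    fi
    status=$(unifi_status "$ver")
    printf 'UniFi Network Application %s: %s (fixed in %s)\n' \
        "$ver" "$status" "$FIXED_VERSION"
    [ "$status" = "fixed" ]
}

# Run only when invoked as a script named unifi-check.sh, e.g.
#   sh unifi-check.sh            (query the installed package)
#   sh unifi-check.sh 8.4.62     (check a version string collected elsewhere)
case "$0" in
    *unifi-check.sh) main "$@" ;;
esac
```

The exit code makes the script usable from configuration management or a cron job: 0 for patched hosts, 1 for vulnerable ones and 2 when the version could not be determined, which on a Docker or non-Debian deployment means the `dpkg-query` lookup needs replacing.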

In mid-May, Ubiquiti announced plans to improve the security of user accounts registered with the company. Since July, Ubiquiti has enabled and enforced two-factor authentication (2FA): in addition to the user name and password, a second factor must now be entered to log in, such as a one-time TOTP code from an authenticator app or an access code sent by email.

(dmk)


This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.