CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-28361

A Cross-site WebSocket Hijacking (CSWSH) vulnerability found in UniFi OS 2.5 and earlier allows a malicious actor to access certain confidential information by persuading a UniFi OS user to visit a malicious webpage.Affected Products:Cloud Key Gen2Cloud Key Gen2 PlusUNVRUNVR ProfessionalUDMUDM ProfessionalUDM SEUDRMitigation:Update affected products to UniFi OS 3.0.13 or later.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 37.8%

CVSS Severity

CVSS v3 Score 6.5

References

Products affected by CVE-2023-28361

Uni » Cloud Key Gen2 » Version: N/A

cpe:2.3:h:uni:cloud_key_gen2:-
Uni » Cloud Key Gen2 Plus » Version: N/A

cpe:2.3:h:uni:cloud_key_gen2_plus:-
Uni » Ubiquiti Networks Unifi Dream Machine » Version: N/A

cpe:2.3:h:uni:ubiquiti_networks_unifi_dream_machine:-
Uni » Ubiquiti Networks Unifi Dream Machine Professional » Version: N/A

cpe:2.3:h:uni:ubiquiti_networks_unifi_dream_machine_professional:-
Uni » Ubiquiti Networks Unifi Dream Machine Se » Version: N/A

cpe:2.3:h:uni:ubiquiti_networks_unifi_dream_machine_se:-
Uni » Unifi Dream Router » Version: N/A

cpe:2.3:h:uni:unifi_dream_router:-
Uni » Unifi Protect Network Video Recorder » Version: N/A

cpe:2.3:h:uni:unifi_protect_network_video_recorder:-
Uni » Unifi Protect Network Video Recorder Professional » Version: N/A

cpe:2.3:h:uni:unifi_protect_network_video_recorder_professional:-
Uni » Unifi Os » Version: N/A

cpe:2.3:o:uni:unifi_os:-

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-28361

Products

Pricing

Contact Us