Security Vulnerabilities - CVEs Published In July 2023
UniFi OS 3.1 introduces a misconfiguration on consoles running UniFi Network that allows users on a local network to access MongoDB. Applicable Cloud Keys that are both (1) running UniFi OS 3.1 and (2) hosting the UniFi Network application. "Applicable Cloud Keys" include the following: Cloud Key Gen2 and Cloud Key Gen2 Plus.
CVSS Score
9.0
EPSS Score
0.0
Published
2023-07-01
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
CVSS Score
8.8
EPSS Score
0.033
Published
2023-07-01
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
CVSS Score
5.4
EPSS Score
0.002
Published
2023-07-01
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
CVSS Score
6.1
EPSS Score
0.009
Published
2023-07-01
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability
CVSS Score
4.3
EPSS Score
0.002
Published
2023-07-01
An authentication bypass issue via spoofing was discovered in the token-based authentication mechanism that could allow an attacker to carry out an impersonation attack.
This issue affects My Cloud OS 5 devices: before 5.26.202.
CVSS Score
10.0
EPSS Score
0.001
Published
2023-07-01
Page 231