Security Advisory Bulletin 043

Overview:
Published: October 16, 2024
Version: 1.1
Revision: 1.1

Description:
A local privilege escalation vulnerability found in a self-hosted UniFi Network Server with UniFi Network Application (Version 8.4.62 and earlier) allows a malicious actor with a local operating system user account to execute high privilege actions on UniFi Network Server.

Affected Products:
UniFi Network Application (Version 8.4.62 and earlier).

Mitigation:
Update UniFi Network Application to Version 8.5.6 or later.

Impact:
CVSS v3.0 Severity and Metrics:
- Base Score: 8.8 High
- Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
- CVE: CVE-2024-42028

Reference Links:
https://community.ui.com/releases/UniFi-Network-Application-8-5-6/bfa15dd8-8b58-4d40-9d83-73ebe8c9a955