{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-29207", "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "state": "PUBLISHED", "assignerShortName": "hackerone", "dateReserved": "2024-03-19T01:04:06.323Z", "datePublished": "2024-05-07T16:40:02.502Z", "dateUpdated": "2024-08-02T01:10:55.406Z"}, "containers": {"cna": {"descriptions": [{"lang": "en", "value": "An Improper Certificate Validation could allow a malicious actor with access to an adjacent network to take control of the system. \n\n \n\nAffected Products:\n\nUniFi Connect Application (Version 3.7.9 and earlier) \n\nUniFi Connect EV Station (Version 1.1.18 and earlier) \n\nUniFi Connect EV Station Pro (Version 1.1.18 and earlier)\n\nUniFi Connect Display (Version 1.9.324 and earlier)\n\nUniFi Connect Display Cast (Version 1.6.225 and earlier)\n\n \n\nMitigation:\n\nUpdate UniFi Connect Application to Version 3.10.7 or later.\n\nUpdate UniFi Connect EV Station to Version 1.2.15 or later.\n\nUpdate UniFi Connect EV Station Pro to Version 1.2.15 or later.\n\nUpdate UniFi Connect Display to Version 1.11.348 or later.\n\nUpdate UniFi Connect Display Cast to Version 1.8.255 or later.\n\n"}], "affected": [{"defaultStatus": "unaffected", "vendor": "Ubiquiti Inc", "product": "UniFi Connect Application", "versions": [{"version": "3.10.7", "status": "affected", "lessThan": "3.10.7", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "vendor": "Ubiquiti Inc", "product": "UniFi Connect EV Station", "versions": [{"version": "1.2.15", "status": "affected", "lessThan": "1.2.15", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "vendor": "Ubiquiti Inc", "product": "UniFi Connect EV Station Pro ", "versions": [{"version": "1.2.15", "status": "affected", "lessThan": "1.2.15", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "vendor": "Ubiquiti Inc", "product": "UniFi Connect Display", "versions": [{"version": "1.11.348", "status": "affected", "lessThan": "1.11.348", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "vendor": "Ubiquiti Inc", "product": "UniFi Connect Display Cast", "versions": [{"version": "1.8.255", "status": "affected", "lessThan": "1.8.255", "versionType": "semver"}]}], "references": [{"url": "https://community.ui.com/releases/Security-Advisory-bulletin-039-039/44e24007-2c2c-4ac0-bebf-3f19b9b24f09"}], "metrics": [{"cvssV3_0": {"version": "3.0", "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 7.5, "baseSeverity": "HIGH"}}], "providerMetadata": {"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone", "dateUpdated": "2024-05-07T16:40:02.502Z"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-29207", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-05-07T19:34:11.302957Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:ubiquiti:unifi_connect_display_cast:1.8.255:*:*:*:*:*:*:*"], "vendor": "ubiquiti", "product": "unifi_connect_display_cast", "versions": [{"status": "affected", "version": "1.8.255"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:ubiquiti:unifi_connect_display:1.11.348:*:*:*:*:*:*:*"], "vendor": "ubiquiti", "product": "unifi_connect_display", "versions": [{"status": "affected", "version": "1.11.348"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:ubiquiti:unifi_connect_application:3.10.7:*:*:*:*:*:*:*"], "vendor": "ubiquiti", "product": "unifi_connect_application", "versions": [{"status": "affected", "version": "3.10.7"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:ubiquiti:unifi_connect_ev_station:1.2.15:*:*:*:*:*:*:*"], "vendor": "ubiquiti", "product": "unifi_connect_ev_station", "versions": [{"status": "affected", "version": "1.2.15 "}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:ubiquiti:unifi_connect_ev_station_pro:1.2.15.0:*:*:*:*:*:*:*"], "vendor": "ubiquiti", "product": "unifi_connect_ev_station_pro", "versions": [{"status": "affected", "version": "1.2.15.0"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-284", "description": "CWE-284 Improper Access Control"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:56:46.353Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T01:10:55.406Z"}, "title": "CVE Program Container", "references": [{"url": "https://community.ui.com/releases/Security-Advisory-bulletin-039-039/44e24007-2c2c-4ac0-bebf-3f19b9b24f09", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://community.ui.com/releases/Security-Advisory-bulletin-039-039/44e24007-2c2c-4ac0-bebf-3f19b9b24f09", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T01:10:55.406Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-29207", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-05-07T19:34:11.302957Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:ubiquiti:unifi_connect_display_cast:1.8.255:*:*:*:*:*:*:*"], "vendor": "ubiquiti", "product": "unifi_connect_display_cast", "versions": [{"status": "affected", "version": "1.8.255"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:ubiquiti:unifi_connect_display:1.11.348:*:*:*:*:*:*:*"], "vendor": "ubiquiti", "product": "unifi_connect_display", "versions": [{"status": "affected", "version": "1.11.348"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:ubiquiti:unifi_connect_application:3.10.7:*:*:*:*:*:*:*"], "vendor": "ubiquiti", "product": "unifi_connect_application", "versions": [{"status": "affected", "version": "3.10.7"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:ubiquiti:unifi_connect_ev_station:1.2.15:*:*:*:*:*:*:*"], "vendor": "ubiquiti", "product": "unifi_connect_ev_station", "versions": [{"status": "affected", "version": "1.2.15 "}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:ubiquiti:unifi_connect_ev_station_pro:1.2.15.0:*:*:*:*:*:*:*"], "vendor": "ubiquiti", "product": "unifi_connect_ev_station_pro", "versions": [{"status": "affected", "version": "1.2.15.0"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-284", "description": "CWE-284 Improper Access Control"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-07T19:40:49.698Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"metrics": [{"cvssV3_0": {"version": "3.0", "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}}], "affected": [{"vendor": "Ubiquiti Inc", "product": "UniFi Connect Application", "versions": [{"status": "affected", "version": "3.10.7", "lessThan": "3.10.7", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "Ubiquiti Inc", "product": "UniFi Connect EV Station", "versions": [{"status": "affected", "version": "1.2.15", "lessThan": "1.2.15", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "Ubiquiti Inc", "product": "UniFi Connect EV Station Pro ", "versions": [{"status": "affected", "version": "1.2.15", "lessThan": "1.2.15", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "Ubiquiti Inc", "product": "UniFi Connect Display", "versions": [{"status": "affected", "version": "1.11.348", "lessThan": "1.11.348", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "Ubiquiti Inc", "product": "UniFi Connect Display Cast", "versions": [{"status": "affected", "version": "1.8.255", "lessThan": "1.8.255", "versionType": "semver"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://community.ui.com/releases/Security-Advisory-bulletin-039-039/44e24007-2c2c-4ac0-bebf-3f19b9b24f09"}], "descriptions": [{"lang": "en", "value": "An Improper Certificate Validation could allow a malicious actor with access to an adjacent network to take control of the system. \n\n \n\nAffected Products:\n\nUniFi Connect Application (Version 3.7.9 and earlier) \n\nUniFi Connect EV Station (Version 1.1.18 and earlier) \n\nUniFi Connect EV Station Pro (Version 1.1.18 and earlier)\n\nUniFi Connect Display (Version 1.9.324 and earlier)\n\nUniFi Connect Display Cast (Version 1.6.225 and earlier)\n\n \n\nMitigation:\n\nUpdate UniFi Connect Application to Version 3.10.7 or later.\n\nUpdate UniFi Connect EV Station to Version 1.2.15 or later.\n\nUpdate UniFi Connect EV Station Pro to Version 1.2.15 or later.\n\nUpdate UniFi Connect Display to Version 1.11.348 or later.\n\nUpdate UniFi Connect Display Cast to Version 1.8.255 or later.\n\n"}], "providerMetadata": {"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone", "dateUpdated": "2024-05-07T16:40:02.502Z"}}}, "cveMetadata": {"cveId": "CVE-2024-29207", "state": "PUBLISHED", "dateUpdated": "2024-08-02T01:10:55.406Z", "dateReserved": "2024-03-19T01:04:06.323Z", "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "datePublished": "2024-05-07T16:40:02.502Z", "assignerShortName": "hackerone"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "An Improper Certificate Validation could allow a malicious actor with access to an adjacent network to take control of the system. \n\n \n\nAffected Products:\n\nUniFi Connect Application (Version 3.7.9 and earlier) \n\nUniFi Connect EV Station (Version 1.1.18 and earlier) \n\nUniFi Connect EV Station Pro (Version 1.1.18 and earlier)\n\nUniFi Connect Display (Version 1.9.324 and earlier)\n\nUniFi Connect Display Cast (Version 1.6.225 and earlier)\n\n \n\nMitigation:\n\nUpdate UniFi Connect Application to Version 3.10.7 or later.\n\nUpdate UniFi Connect EV Station to Version 1.2.15 or later.\n\nUpdate UniFi Connect EV Station Pro to Version 1.2.15 or later.\n\nUpdate UniFi Connect Display to Version 1.11.348 or later.\n\nUpdate UniFi Connect Display Cast to Version 1.8.255 or later.\n\n"}, {"lang": "es", "value": "Una validaci\u00f3n de certificado incorrecta podr\u00eda permitir que un actor malintencionado con acceso a una red adyacente tome el control del sistema. Productos afectados: Aplicaci\u00f3n UniFi Connect (Versi\u00f3n 3.7.9 y anteriores) UniFi Connect EV Station (Versi\u00f3n 1.1.18 y anteriores) UniFi Connect EV Station Pro (Versi\u00f3n 1.1.18 y anteriores) UniFi Connect Display (Versi\u00f3n 1.9.324 y anteriores) UniFi Connect Display Cast (versi\u00f3n 1.6.225 y anteriores) Mitigaci\u00f3n: actualice la aplicaci\u00f3n UniFi Connect a la versi\u00f3n 3.10.7 o posterior. Actualice UniFi Connect EV Station a la versi\u00f3n 1.2.15 o posterior. Actualice UniFi Connect EV Station Pro a la versi\u00f3n 1.2.15 o posterior. Actualice UniFi Connect Display a la versi\u00f3n 1.11.348 o posterior. Actualice UniFi Connect Display Cast a la versi\u00f3n 1.8.255 o posterior."}], "id": "CVE-2024-29207", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.6, "impactScore": 5.9, "source": "support@hackerone.com", "type": "Secondary"}]}, "published": "2024-05-07T17:15:08.183", "references": [{"source": "support@hackerone.com", "url": "https://community.ui.com/releases/Security-Advisory-bulletin-039-039/44e24007-2c2c-4ac0-bebf-3f19b9b24f09"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://community.ui.com/releases/Security-Advisory-bulletin-039-039/44e24007-2c2c-4ac0-bebf-3f19b9b24f09"}], "sourceIdentifier": "support@hackerone.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-284"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{}