CVE-2021-22943

A vulnerability found in UniFi Protect application V1.18.1 and earlier permits a malicious actor who has already gained access to a network to subsequently control the Protect camera(s) assigned to said network. This vulnerability is fixed in UniFi Protect application V1.19.0 and later.

• CVE ID
• CVE-2021-22943

• Assigner
• support@hackerone.com

• Vulnerability Status
• Analyzed

• Published Version
• 2021-08-31T17:15:07

• Last Modified Date
• 2021-09-09T00:23:55

• Version
• 2.0

• Vector String
• AV:A/AC:L/Au:N/C:C/I:C/A:C

• Access Vector
• ADJACENT_NETWORK

• Access Compatibility
• LOW

• Authentication
• NONE

• Confidentiality Impact
• COMPLETE

• Integrity Impact
• COMPLETE

• Availability Impact
• COMPLETE

• Base Score
• 8.3

• Severity
• HIGH

• Exploitability Score
• 6.5

• Impact Score
• 10

• Version
• 3.1

• Vector String
• CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

• Attack Vector
• ADJACENT_NETWORK

• Attack Compatibility
• LOW

• Privileges Required
• NONE

• User Interaction
• NONE

• Scope
• CHANGED

• Confidentiality Impact
• HIGH

• Availability Impact
• HIGH

• Base Score
• 9.6

• Base Severity
• CRITICAL

• Exploitability Score
• 2.8

• Impact Score
• 6