CVE-2024-27981
Severity CVSS v4.0:
Pending analysis
Type:
CWE-77
Command Injection
Publication date:
04/04/2024
Last modified:
18/03/2025
Description
A Command Injection vulnerability found in Self-Hosted UniFi Network Servers (Linux) with UniFi Network Application (Version 8.0.28 and earlier) allows a malicious actor with UniFi Network Application Administrator credentials to escalate privileges to root on the host device.

Affected Products:
UniFi Network Application (Version 8.0.28 and earlier).

Mitigation:
Update UniFi Network Application to Version 8.1.113 or later.
Impact
Base Score 3.x
9.80
Severity 3.x
CRITICAL



