Login Sign Up

CVE-2023-24104

9.8 CRITICAL
Authentication Bypass

📋 TL;DR

This vulnerability in Ubiquiti Networks UniFi Dream Machine Pro allows attackers to bypass domain restrictions via crafted packets, potentially enabling unauthorized network access or traffic redirection. It affects users running version 7.2.95 of the UniFi Dream Machine Pro network appliance.

💻 Affected Systems

Products:
  • Ubiquiti Networks UniFi Dream Machine Pro
Versions: Version 7.2.95 specifically
Operating Systems: Ubiquiti's custom OS for UniFi devices
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects UniFi Dream Machine Pro, not other UniFi devices. Domain restrictions must be configured for the vulnerability to be relevant.

📦 What is this software?

Unifi Dream Machine Pro Firmware by Ui

View all CVEs affecting Unifi Dream Machine Pro Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers could bypass all domain-based security controls, redirect traffic to malicious destinations, intercept sensitive data, or gain persistent network foothold.

🟠

Likely Case

Attackers bypass domain filtering rules to access restricted resources or redirect users to malicious sites.

🟢

If Mitigated

With proper network segmentation and additional security layers, impact limited to specific network segments.

🌐 Internet-Facing: HIGH - Network appliances with internet exposure are primary targets for this packet manipulation attack.
🏢 Internal Only: MEDIUM - Internal attackers could exploit to bypass internal domain restrictions and access restricted resources.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Crafted packet attacks typically require network access but no authentication. MITRE ATT&CK T1090.004 indicates proxy/tunnel techniques.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Versions after 7.2.95 (check Ubiquiti for specific fixed version)

Vendor Advisory: https://community.ui.com/releases

Restart Required: Yes

Instructions:

1. Log into UniFi Network Controller 2. Navigate to Devices > select Dream Machine Pro 3. Check for firmware updates 4. Apply latest firmware 5. Reboot device after update

🔧 Temporary Workarounds

Network Segmentation

all

Isolate UniFi Dream Machine Pro from untrusted networks and implement additional firewall rules

Domain Restriction Enhancement

all

Implement additional DNS filtering or proxy solutions as secondary domain control layer

🧯 If You Can't Patch

  • Implement strict network access controls to limit who can send packets to the Dream Machine Pro
  • Deploy intrusion detection systems to monitor for crafted packet attacks and domain bypass attempts

🔍 How to Verify

Check if Vulnerable:

Check device firmware version in UniFi Network Controller under Devices > Dream Machine Pro > Details

Check Version:

ssh admin@[device-ip] 'show version' or check via UniFi Network Controller web interface

Verify Fix Applied:

Verify firmware version is updated beyond 7.2.95 and test domain restrictions with controlled test traffic

📡 Detection & Monitoring

Log Indicators:

  • Unusual packet patterns to Dream Machine Pro
  • Domain restriction rule violations
  • Unexpected proxy/tunnel activity

Network Indicators:

  • Crafted packets targeting port 53 or other Dream Machine Pro services
  • Traffic bypassing expected domain filters

SIEM Query:

source_ip=[Dream-Machine-Pro-IP] AND (packet_size_anomaly OR protocol_anomaly)

📊 Metadata

CVE ID: CVE-2023-24104
CVSS v3 Score: 9.8 (CRITICAL)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Published: February 23, 2023
Last Updated: March 18, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON