CVE-2024-42028
📋 TL;DR
A local privilege escalation vulnerability in UniFi Network Application allows authenticated local users to execute high-privilege actions on the UniFi Network Server. This affects self-hosted UniFi Network Servers running version 8.4.62 and earlier. Attackers with local system access can elevate privileges to perform administrative operations.
💻 Affected Systems
- UniFi Network Application
- Self-Hosted UniFi Network Server
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete compromise of the UniFi Network Server, allowing attackers to reconfigure network settings, intercept traffic, deploy malicious firmware to UniFi devices, or pivot to other network segments.
Likely Case
Local authenticated users gain administrative control over the UniFi Network Server, enabling them to modify network configurations, create backdoor accounts, or disrupt network operations.
If Mitigated
Limited impact if proper access controls restrict local user accounts and network segmentation isolates the UniFi server from critical systems.
🎯 Exploit Status
Exploitation requires local authenticated access. No public exploit code available at disclosure time.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 8.4.63 and later
Vendor Advisory: https://community.ui.com/releases/Security-Advisory-Bulletin-043-043/28e45c75-314e-4f07-a4f3-d17f67bd53f7
Restart Required: Yes
Instructions:
1. Backup current configuration. 2. Download UniFi Network Application 8.4.63 or later from UI.com. 3. Stop UniFi service. 4. Install updated version. 5. Restart UniFi service. 6. Verify functionality.
🔧 Temporary Workarounds
Restrict Local User Access
allLimit local system accounts that can access the UniFi server host to only necessary administrative users.
Network Segmentation
allIsolate UniFi Network Server on separate VLAN with strict firewall rules limiting access.
🧯 If You Can't Patch
- Implement strict access controls to limit local user accounts on the UniFi server host
- Monitor for unusual local user activity and privilege escalation attempts
🔍 How to Verify
Check if Vulnerable:
Check UniFi Network Application version in web interface Settings > System or run: unifi-os versionCheck Version:
unifi-os versionVerify Fix Applied:
Confirm version is 8.4.63 or later and test that local users cannot perform administrative actions without proper credentials.📡 Detection & Monitoring
Log Indicators:
- Unusual local user privilege escalation attempts
- Unauthorized configuration changes by non-admin users
- Failed authentication attempts followed by successful administrative actions
Network Indicators:
- Unexpected configuration changes to UniFi devices
- Unusual administrative API calls from non-admin IPs
SIEM Query:
source="unifi" AND (event_type="config_change" OR event_type="auth") AND user!="admin" AND result="success"