CVE-2024-45205: An Improper Certificate Validation on the UniFi iOS App managing a standalone UniFi Access Point (not using UniFi Network Application) could allow...

7.1 CVSS

Description

An Improper Certificate Validation vulnerability in the UniFi iOS App, when managing a standalone UniFi Access Point (not using the UniFi Network Application), could allow a malicious actor with access to an adjacent network to take control of this UniFi Access Point.

Affected Products:
UniFi iOS App (Version 10.17.7 and earlier)

Mitigation:
Update the UniFi iOS App to Version 10.18.0 or later.

Classification

CVE ID: CVE-2024-45205

CVSS Base Severity: HIGH

CVSS Base Score: 7.1

Affected Products

Vendor: Ubiquiti

Product: UniFi iOS App

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 11.44% (share of scored vulnerabilities with an EPSS score less than or equal to this one)

EPSS Date: 2025-02-03 (date this score was calculated)

References

https://community.ui.com/releases/UniFi-iOS-10-18-0/42f02428-544c-4626-b5b3-5ae40308edc7

Timeline