Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Ubiquiti UniFi Devices Use of AES-CBC Allows Key Recovery and Unauthorized Device Control
Vulnerability Description
Ubiquiti UniFi Network Controller prior to 5.10.12 (excluding 5.6.42), UAP FW prior to 4.0.6, UAP-AC, UAP-AC v2, and UAP-AC Outdoor FW prior to 3.8.17, USW FW prior to 4.0.6, USG FW prior to 4.4.34 uses AES-CBC encryption for device-to-controller communication, which contains cryptographic weaknesses that allow attackers to recover encryption keys from captured traffic. Attackers with adjacent network access can capture sufficient encrypted traffic and exploit AES-CBC mode vulnerabilities to derive the encryption keys, enabling unauthorized control and management of network devices.
CVSS Information
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Vulnerability Type
使用已被攻破或存在风险的密码学算法
Vulnerability Title
Ubiquiti多款产品 加密问题漏洞
Vulnerability Description
Ubiquiti UniFi Network Controller等都是美国优比快(Ubiquiti)公司的产品。Ubiquiti UniFi Network Controller是一个集中管理与监控网络设备的控制软件平台。Ubiquiti UniFi UAP是一系列无线接入点。Ubiquiti UniFi UAP-AC是一系列无线接入点。 Ubiquiti多款产品存在加密问题漏洞,该漏洞源于AES-CBC加密存在加密弱点,可能导致攻击者从捕获的流量中恢复加密密钥。以下产品及版本受到影响:UniFi Ne
CVSS Information
N/A
Vulnerability Type
N/A