Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
UniFi Network Controller Improper Certificate Validation Leading to Credential Theft via MITM
Vulnerability Description
UniFi Network Controller before version 5.10.22 and 5.11.x before 5.11.18 contains an improper certificate verification vulnerability that allows adjacent network attackers to conduct man-in-the-middle attacks by presenting a false SSL certificate during SMTP connections. Attackers can intercept SMTP traffic and obtain credentials by exploiting the insecure SSL host verification mechanism in the SMTP certificate validation process.
CVSS Information
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
证书验证不恰当
Vulnerability Title
Ubiquiti UniFi Network Controller 信任管理问题漏洞
Vulnerability Description
Ubiquiti UniFi Network Controller是美国优比快(Ubiquiti)公司的一个集中管理与监控网络设备的控制软件平台。 Ubiquiti UniFi Network Controller 5.10.22之前版本和5.11.18之前的5.11.x版本存在信任管理问题漏洞,该漏洞源于证书验证不当,可能导致相邻网络攻击者进行中间人攻击。
CVSS Information
N/A
Vulnerability Type
N/A