CVE-2023-28365
CRITICAL
EXPLOITED IN THE WILD
UniFi Network Application < 7.4.156 - Authenticated Command Injection via Backup File Restore
Title source: llm
Exploitation Summary
CVE-2023-28365 has been observed exploited in the wild (reported by VulnCheck KEV, InTheWild.io).
Description
A backup file vulnerability found in UniFi applications (Version 7.3.83 and earlier) running on Linux operating systems allows application administrators to execute malicious commands on the host device being restored.
References (1)
Core 1
Core References
Issue Tracking, Vendor Advisory
https://community.ui.com/releases/Security-Advisory-Bulletin-031-031/8c85fc64-e9a8-4082-9ec4-56b14effd545
Scores
CVSS v3: 9.1
EPSS: 0.0063
EPSS Percentile: 45.4%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation: none
Automatable: no
Technical Impact: total
Details
VulnCheck KEV: 2024-09-18
InTheWild.io: 2024-09-18
CWE: CWE-77
Status: published
Products (1)
ui/unifi_network_application < 7.4.156
Published: Jul 01, 2023
Tracked Since: Feb 18, 2026