Horizon Alert
Summary of the vulnerability and why it matters
A critical vulnerability in UniFi Protect Application could allow a low-privilege attacker with network access to gain elevated control over the host device. This issue is significant due to the common use of UniFi Protect as a network-attached video management system, which is often accessible externally for remote viewing of security camera feeds. Confirming relevance and exposure is the main concern at this time.
- Unauthenticated network actors can escalate privileges.
- Protects video management systems from unauthorized control.
- Verify if your UniFi Protect is exposed and needs review.
Attack Path
How an attacker could exploit the issue
A potentially malicious actor who can access the network and has minimal user rights could exploit this vulnerability. By sending specially crafted requests, they could trick the UniFi Protect Application into making unintended connections to internal or external resources. This could allow the attacker to gain higher privileges on the device hosting the application.
- Entry condition: Network access with low privileges.
- Trigger point: Server-Side Request Forgery in the application.
- Resulting risk: Privilege escalation on the host device.
Live Threat
Current exploitation, exposure, and threat context
A malicious actor with low-level network access could exploit a Server-Side Request Forgery vulnerability within the UniFi Protect Application. This exploit could allow the actor to escalate privileges on the host device, potentially gaining unauthorized control over the system.
- System access and control.
- Exploiting network access to the application.
- Unauthorized privilege escalation.
Operational Fix
Recommended remediation, mitigation, and detection steps
This Server-Side Request Forgery vulnerability in UniFi Protect Application, allowing privilege escalation on the host device, likely requires action from Infrastructure and Security teams. The first practical step is to identify all UniFi Protect instances, determine their network reachability, assess their criticality, and confirm the accountable owner before planning remediation.
- Infrastructure and Security teams own this.
- Verify UniFi Protect instances and reachability.
- Plan remediation based on exposure and criticality.