Sign-up

ID

VAR-202108-0412


CVE

CVE-2021-22943


TITLE

UniFi Protect  Authentication vulnerabilities in applications

Trust: 0.8

sources: JVNDB: JVNDB-2021-011255

DESCRIPTION

A vulnerability found in UniFi Protect application V1.18.1 and earlier permits a malicious actor who has already gained access to a network to subsequently control the Protect camera(s) assigned to said network. This vulnerability is fixed in UniFi Protect application V1.19.0 and later. UniFi Protect The application contains an authentication vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Ubiquiti Networks UniFi Protect is a network video recorder from Ubiquiti Networks

Trust: 2.25

sources: NVD: CVE-2021-22943 // JVNDB: JVNDB-2021-011255 // CNVD: CNVD-2022-15504 // VULMON: CVE-2021-22943

IOT TAXONOMY

category:['IoT']sub_category: -

Trust: 0.6

category:['camera device']sub_category:camera

Trust: 0.1

sources: OTHER: None // CNVD: CNVD-2022-15504

AFFECTED PRODUCTS

vendor:uimodel:unifi protectscope:ltversion:1.19.0

Trust: 1.0

vendor:uimodel:unifi protectscope:eqversion: -

Trust: 0.8

vendor:uimodel:unifi protectscope:lteversion:1.18.1 and earlier

Trust: 0.8

vendor:ubiquitimodel:networks unifi protect applicationscope:lteversion:<=1.18.1

Trust: 0.6

sources: CNVD: CNVD-2022-15504 // JVNDB: JVNDB-2021-011255 // NVD: CVE-2021-22943

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-22943
value: CRITICAL

Trust: 1.0

NVD: CVE-2021-22943
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2022-15504
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202108-2800
value: CRITICAL

Trust: 0.6

VULMON: CVE-2021-22943
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2021-22943
severity: HIGH
baseScore: 8.3
vectorString: AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2022-15504
severity: HIGH
baseScore: 8.3
vectorString: AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2021-22943
baseSeverity: CRITICAL
baseScore: 9.6
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 6.0
version: 3.1

Trust: 1.0

NVD: CVE-2021-22943
baseSeverity: CRITICAL
baseScore: 9.6
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2022-15504 // VULMON: CVE-2021-22943 // JVNDB: JVNDB-2021-011255 // CNNVD: CNNVD-202108-2800 // NVD: CVE-2021-22943

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.0

problemtype:Inappropriate authentication (CWE-287) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2021-011255 // NVD: CVE-2021-22943

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202108-2800

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-202108-2800

PATCH

title:Security Advisory Bulletin 019url:https://community.ui.com/releases/Security-Advisory-Bulletin-019-019/90a00abe-d6b6-43c6-92d4-0a0342f1506f

Trust: 0.8

title:Patch for Ubiquiti Networks UniFi Protect Authorization Issue Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/322546

Trust: 0.6

title:Ubiquiti Networks UniFi Protect Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=161108

Trust: 0.6

sources: CNVD: CNVD-2022-15504 // JVNDB: JVNDB-2021-011255 // CNNVD: CNNVD-202108-2800

EXTERNAL IDS

db:NVDid:CVE-2021-22943

Trust: 4.0

db:JVNDBid:JVNDB-2021-011255

Trust: 0.8

db:CNVDid:CNVD-2022-15504

Trust: 0.6

db:CNNVDid:CNNVD-202108-2800

Trust: 0.6

db:OTHERid:NONE

Trust: 0.1

db:VULMONid:CVE-2021-22943

Trust: 0.1

sources: OTHER: None // CNVD: CNVD-2022-15504 // VULMON: CVE-2021-22943 // JVNDB: JVNDB-2021-011255 // CNNVD: CNNVD-202108-2800 // NVD: CVE-2021-22943

REFERENCES

url:https://community.ui.com/releases/security-advisory-bulletin-019-019/90a00abe-d6b6-43c6-92d4-0a0342f1506f

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2021-22943

Trust: 1.4

url:https://ieeexplore.ieee.org/abstract/document/10769424

Trust: 0.1

url:https://cwe.mitre.org/data/definitions/287.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: OTHER: None // CNVD: CNVD-2022-15504 // VULMON: CVE-2021-22943 // JVNDB: JVNDB-2021-011255 // CNNVD: CNNVD-202108-2800 // NVD: CVE-2021-22943

SOURCES

db:OTHERid: -
db:CNVDid:CNVD-2022-15504
db:VULMONid:CVE-2021-22943
db:JVNDBid:JVNDB-2021-011255
db:CNNVDid:CNNVD-202108-2800
db:NVDid:CVE-2021-22943

LAST UPDATE DATE

2025-01-30T20:04:09.722000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2022-15504date:2022-03-01T00:00:00
db:VULMONid:CVE-2021-22943date:2021-09-09T00:00:00
db:JVNDBid:JVNDB-2021-011255date:2022-07-25T08:10:00
db:CNNVDid:CNNVD-202108-2800date:2021-09-10T00:00:00
db:NVDid:CVE-2021-22943date:2021-09-09T00:23:55.950

SOURCES RELEASE DATE

db:CNVDid:CNVD-2022-15504date:2022-03-01T00:00:00
db:VULMONid:CVE-2021-22943date:2021-08-31T00:00:00
db:JVNDBid:JVNDB-2021-011255date:2022-07-25T00:00:00
db:CNNVDid:CNNVD-202108-2800date:2021-08-31T00:00:00
db:NVDid:CVE-2021-22943date:2021-08-31T17:15:07.767