CVE-2024-27981: Critical Vulnerability Patched in Ubiquiti UniFi Network Application

Ubiquiti Networks has released an urgent security update for its popular UniFi Network Application. This critical patch addresses a vulnerability that, if exploited, could allow attackers with administrative access to gain root-level control of the underlying server.

Image: UniFi

The Vulnerability

Designated CVE-2024-27981, the vulnerability carries a “Critical” CVSS rating of 9.1 out of 10. It exists in self-hosted Linux installations of the UniFi Network Application (version 8.0.28 and earlier). Successful exploitation requires the attacker to already possess administrator-level credentials within the UniFi Network Application.

“A Command Injection vulnerability found in a Self-Hosted UniFi Network Server (Linux) with UniFi Network Application (Version 8.0.28 and earlier) allows a malicious actor with UniFi Network Application Administrator credentials to escalate privileges to root on the host device,” reads the Ubiquiti security advisory.

With this access, the attacker could inject malicious commands, allowing them to escalate their privileges to the root level. Root-level control grants full administrative power over the device, allowing the attacker to potentially steal data, install additional malware, or disrupt critical network operations.

Who is at Risk?

Organizations and individuals who self-host their UniFi Network Application on Linux are at risk. This includes those using their computers, on-site dedicated servers, or Linux-based cloud instances.

The Fix and Importance of Updates

In response to the discovery of CVE-2024-27981, Ubiquiti has already released patched versions of the UniFi Network Application (8.1.113 and later). Administrators are urged to update their UniFi installations immediately. This seemingly minor software update could be the difference between maintaining a secure network and a major compromise.