Interpipes 💙 on Nostr: Unifi has published brief details on CVE-2024-27981, a 9.1sev - privesc in their ...
Unifi has published brief details on CVE-2024-27981, a 9.1sev - privesc in their Unifi "self-host" controller <=v8.0.28
They say any user with "admin access" (unclear just now if this means global admin and/or site admin) can get root on the OS hosting the controller software (unclear how, if you do not run the controller as root?)
Upgrade to 8.1.113 (which when first released 11d ago was NOT stated to include security content!)
https://community.ui.com/releases/Security-Advisory-Bulletin-038-038/9d13fead-47de-4372-b2c1-745b8d6b0399
#infosec #cve-2024-27981 #unifi