Security Advisory Bulletin 003

by Ubiquiti Employee Wednesday

Updated: May 15th, 2019

First Published: May 15th, 2019

Version: 1.0

Revision: 1.0


Summary


We have recently released the new version of UniFi Network Controller that fixes vulnerabilities found in v5.10.21 and prior, according to the description below:


SMTP MITM refers to a malicious actor setting up an SMTP proxy server between the user and their actual SMTP server to record their SMTP credentials for malicious use later.


These vulnerabilities were fixed in UniFi Controller v5.6.42 and v5.10.22, which are available from Ubiquiti's download page. The fix is also included in v5.11.18, an unstable release found in the Beta section.


Details:

In controller versions prior to the fixed versions, the controller used an insecure method of SSL certificate verification that did not verify SSL hosts. This allowed a man-in-the-middle attack in which a malicious server could present a false SSL certificate and acquire the SMTP credentials the controller sent over that connection.
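The following Python snippet is an added illustration and is not Ubiquiti's code (the controller itself is not written in Python). It puts the pre-fix behaviour described above next to a correctly verifying TLS configuration for an SMTP client, and includes a small audit helper that flags the two settings that make the MITM possible; host, port and credentials in send_test_mail are placeholders.

```python
import smtplib
import ssl
from typing import List


def weak_smtp_context() -> ssl.SSLContext:
    """Constructed example of the pre-fix behaviour: TLS is negotiated, but
    neither the certificate chain nor the server name is checked, so an
    SMTP proxy presenting a forged certificate is accepted silently."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False        # must be cleared before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE   # accept any certificate at all
    return ctx


def hardened_smtp_context() -> ssl.SSLContext:
    """What a fixed client should use: chain validated against the system
    trust store and the certificate name matched against the SMTP host."""
    ctx = ssl.create_default_context()      # CERT_REQUIRED + check_hostname
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def audit_context(ctx: ssl.SSLContext) -> List[str]:
    """Return the findings that make a context vulnerable to the SMTP MITM
    in this advisory; an empty list means the context verifies hosts."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("certificate chain is not verified (verify_mode != CERT_REQUIRED)")
    if not ctx.check_hostname:
        findings.append("certificate name is not matched against the SMTP host")
    return findings


def send_test_mail(host: str, port: int, user: str, password: str,
                   ctx: ssl.SSLContext) -> None:
    """STARTTLS login that fails closed: credentials are only sent after a
    handshake in which the server proved its identity (placeholder args)."""
    with smtplib.SMTP(host, port, timeout=10) as smtp:
        smtp.starttls(context=ctx)
        # With the hardened context a forged certificate raises
        # ssl.SSLCertVerificationError here, before any LOGIN/AUTH is sent.
        smtp.login(user, password)
        smtp.sendmail(user, [user], "Subject: UniFi SMTP test\r\n\r\nok\r\n")
```

Running audit_context on the weak context reports both findings; on the hardened context it reports none.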


Affected Products:

UniFi Controller prior to v5.10.22 and v5.11 prior to v5.11.18 (excluding v5.6.42)


Mitigation:

Disable SMTP mail in the controller site options until you have upgraded to v5.6.42, v5.10.22+ or v5.11.18+.


Impact:


CVSS v3.0 Severity and Metrics:

Base Score: 7.5 HIGH

Vector: AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H


Reference Links:

https://community.ubnt.com/t5/UniFi-Updates-Blog/UniFi-Network-Controller-5-10-23-Stable-has-been-re...

https://community.ubnt.com/t5/UniFi-Updates-Blog/UniFi-Network-Controller-5-6-42-Stable-has-been-rel...