🚨 Command Injection vulnerability in UniFi Network Server (Linux)

A Command Injection vulnerability in UniFi Network Server (Linux) versions 8.0.28 and earlier allows an attacker with administrative credentials in the UniFi Network Application to escalate their privileges to root on the hosting device.

https://community.ui.com/releases/Security-Advisory-Bulletin-038-038/9d13fead-47de-4372-b2c1-745b8d6b0399

So, a user with administrative credentials can do administrative things? Okay… If you don’t trust the user to administer the machine, don’t give them admin credentials to anything. Doesn’t seem like much of a vulnerability to me. Poor coding, sure, but this seems more like a personnel issue if a realistic risk is to be assumed here.

A Unifi administrator is able to access the server using the root password

Well, a bug where a user can escape a web application and gain root privileges on the OS running underneath always has to be considered a serious vulnerability.

In a home lab or small business, where you are the administrator for everything, this may not be that big of a deal, as long as you use strong passwords and 2FA and/or don’t expose the application to the internet.

But what if you have dedicated network admins who are only allowed to administer the Unifi application, but not the underlying operating system? Or what if there are other applications running on the same server that the network admins are not authorized to access?

Or in more general terms: If someone gains root access to the underlying system, they can do all sorts of shenanigans that aren’t limited to the application they’re permitted to use anymore.

Thank you for this update.