A path traversal vulnerability in UniFi OS allows unauthorized network actors to access sensitive data, necessitating an immediate firmware update.

This is a path traversal vulnerability that allows a malicious actor with network access to traverse file system boundaries and obtain sensitive data from the UniFi OS device.

The ability to access sensitive system files can result in the exposure of configuration data, credentials, or other internal information. With a CVSS score of 8.6, this vulnerability is critical, especially as it can be chained with other flaws to bypass authentication requirements entirely.

Immediate Action: Update UniFi OS Server and devices to the patched versions (e.g., 5.1.15, 5.1.16, or 4.0.15 depending on the model) immediately.

Proactive Monitoring: Review network access logs for unusual traffic patterns and inspect device logs for evidence of path traversal attempts.

Compensating Controls: Restrict network access to management interfaces to only trusted administrative subnets to mitigate exposure to unauthorized actors.

Public Exploit Available: False

Given the broad range of affected UniFi hardware and the potential for exploit chaining, administrators must verify their device models against the vendor advisory and apply the necessary firmware updates as a matter of urgency.