Ubiquiti UniFi Network Controller
cpe:2.3:a:ubnt:unifi_controller:*:*:*:*:*:*:*, +2 more
- < 5.10.12, excluding 5.6.42 (listed as not affected)
A vulnerability exists in multiple Ubiquiti UniFi products: the UniFi Network Controller (versions prior to 5.10.12, excluding the 5.6.42 release, which is not affected), UniFi UAP firmware (prior to 4.0.6), UAP-AC, UAP-AC v2 and UAP-AC Outdoor firmware (prior to 3.8.17), UniFi USW firmware (prior to 4.0.6) and UniFi USG firmware (prior to 4.4.34). These products protect device-to-controller communication with AES-CBC in a way that is cryptographically weak: an attacker with adjacent network access who captures enough of the encrypted traffic can recover the encryption keys, and with those keys can gain unauthorized control and management of the affected network devices.
Exploitation allows recovery of the encryption keys from captured traffic; an attacker holding those keys can exercise unauthorized control and management over the affected network devices.
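The following Python is an added example (not part of this entry and not Ubiquiti tooling) that encodes the affected ranges stated above and checks a device inventory against them. The product keys, the inventory format and the numeric dotted-version comparison are assumptions made here; the ranges themselves are exactly those on this page, with the controller's 5.6.42 release exempt and every other version below each fixed version treated as affected.

```python
"""Triage a UniFi inventory against the version ranges in this advisory.

Example code added to this entry; not Ubiquiti's own tooling.
"""
from typing import Dict, List, Tuple

Version = Tuple[int, ...]


def parse_version(text: str) -> Version:
    """'5.10.12' -> (5, 10, 12).

    Versions are compared numerically per component, not as strings:
    '5.9.0' must sort below '5.10.12'. A trailing build component, if
    present, is compared as well, so '4.0.6.1' sorts above '4.0.6'.
    """
    return tuple(int(part) for part in text.strip().split("."))


# Exclusive upper bounds per product, as stated on this page.
# Product keys are an assumption of this example.
FIXED_IN: Dict[str, str] = {
    "unifi_controller": "5.10.12",
    "uap_firmware": "4.0.6",
    "uap_ac_firmware": "3.8.17",   # UAP-AC, UAP-AC v2, UAP-AC Outdoor
    "usw_firmware": "4.0.6",
    "usg_firmware": "4.4.34",
}

# Releases below the upper bound that the page lists as not affected.
EXEMPT: Dict[str, Tuple[str, ...]] = {
    "unifi_controller": ("5.6.42",),
}


def is_affected(product: str, version: str) -> bool:
    """True when `version` of `product` lies inside the vulnerable range."""
    if product not in FIXED_IN:
        raise KeyError(f"unknown product {product!r}")
    v = parse_version(version)
    if v in {parse_version(e) for e in EXEMPT.get(product, ())}:
        return False
    return v < parse_version(FIXED_IN[product])


def triage(inventory: List[Tuple[str, str, str]]) -> List[str]:
    """inventory rows are (hostname, product, version); returns hosts to patch."""
    return [host for host, product, version in inventory
            if is_affected(product, version)]


# Constructed sample inventory for demonstration (not real hosts).
SAMPLE_INVENTORY = [
    ("unifi-ctl", "unifi_controller", "5.6.42"),   # exempt LTS release
    ("unifi-lab", "unifi_controller", "5.9.29"),   # below 5.10.12, affected
    ("ap-lobby", "uap_ac_firmware", "3.8.16"),     # below 3.8.17, affected
    ("ap-floor2", "uap_firmware", "4.0.6"),        # at fixed version
    ("usg-edge", "usg_firmware", "4.4.33"),        # below 4.4.34, affected
]

if __name__ == "__main__":
    for host in triage(SAMPLE_INVENTORY):
        print(f"patch required: {host}")
```

Because the page gives no lower bound for the 5.7 and later branches, the check deliberately implements the statement as written (everything below 5.10.12 except 5.6.42); adjust `EXEMPT` if a vendor advisory lists further fixed point releases.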