AFAIK, that's actually the Unifi Controller, but that's "web based" as in, you access it via a browser (I use the same on my Unifi setup). So, I still can't see, nor understand, how to exploit said vulnerability unless you already have a local account on the controller.
On Tue, Oct 4, 2016 at 11:10 PM, Rob Thomas <rtho...@sangoma.com> wrote:
> The impression I get from Tim Pham's emails is that the 'Unify Manager' is
> doing some behind-the-scenes tunnelling, and bringing the Mongo interface
> from the server to the client (Eg, Mac or Windows device) and you are then
> able to connect to localhost (on the client) which tunnels through to the
> server.
>
> However, after much searching, I am unable to locate this application.
> Googling insinuates that it is this (unreleased) software -
> https://www.ubnt.com/enterprise/software/
>
> --Rob Thomas
> Information Security, Sangoma Corporation
>
>
> -----Original Message-----
> From: Fulldisclosure [mailto:fulldisclosure-boun...@seclists.org] On
> Behalf Of Gregory Sloop
> Sent: Wednesday, 5 October 2016 1:54 AM
> To: Tim Schughart <t.schugh...@prosec-networks.com>;
> fulldisclosure@seclists.org; bugt...@securityfocus.com;
> webapp...@securityfocus.com
> Cc: Khanh Quoc. Pham <k.p...@prosec-networks.com>
> Subject: Re: [FD] Critical Vulnerability in Ubiquiti UniFi
>
> I attempted private contact with Tim Pham and via email 12+ hours ago, but
> received no response since then.
>
> I've spent some time trying to reproduce the reported vulnerability and
> have had no success. It certainly doesn't help that the steps to reproduce
> it are so poorly described or documented.
> Without better documentation of the exploit, it seems impossible to
> determine if the report is just mis-informed, blatantly false, or if
> perhaps there's some step/process I don't understand or am missing.
>
> In every attempt I've made the binding of MongoDB to 127.0.0.1 is
> effective and non-local connection attempts are refused, as one would
> expect.
> A swift response from Prosec Networks [prosec-networks.com] would be most
> helpful.
> >
> > _______________________________________________
> > Sent through the Full Disclosure mailing list
> > https://nmap.org/mailman/listinfo/fulldisclosure
> > Web Archives & RSS: http://seclists.org/fulldisclosure/
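Gregory's test above ("the binding of MongoDB to 127.0.0.1 is effective and non-local connection attempts are refused") is the check an operator would want to repeat on their own controller. The script below is an added example written for this page, not code from the thread, from Ubiquiti or from Prosec Networks. It parses a constructed `ss -ltn` style socket listing and a constructed `mongod.conf` fragment and flags any MongoDB listener that is bound to something other than a loopback address. The port set assumes 27017 (stock mongod) and 27117 (the port the UniFi controller's bundled mongod is commonly configured to use); both values are assumptions here, and the `connection_refused` helper is a plain TCP connect probe you would run from a second host against your own server.

```python
"""Added example: verify that a MongoDB listener is confined to loopback.

Two independent views are checked, because they can disagree:
  1. what the kernel actually has listening (`ss -ltn` / `netstat -ltn`)
  2. what mongod.conf says it should bind (net.bindIp / bind_ip)
All sample data below is constructed for this example.
"""
import ipaddress
import re
import socket
from typing import List, Tuple

# Assumed ports: 27017 is mongod's default, 27117 is what the UniFi
# controller's bundled mongod is commonly configured to use.
MONGO_PORTS = {27017, 27117}

# Constructed `ss -ltn` output: a loopback-only mongod on 27117 (fine),
# the UniFi HTTPS port on all interfaces (expected), and a second mongod
# wrongly bound to 0.0.0.0 (the exposure to flag), plus an IPv6 loopback one.
SAMPLE_SS_OUTPUT = """\
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port
LISTEN  0       128     127.0.0.1:27117      0.0.0.0:*
LISTEN  0       128     0.0.0.0:8443         0.0.0.0:*
LISTEN  0       128     0.0.0.0:27017        0.0.0.0:*
LISTEN  0       128     [::1]:27017          [::]:*
"""

# Constructed YAML-style mongod.conf fragment.
SAMPLE_CONF = """\
net:
  port: 27017
  bindIp: 127.0.0.1,::1
"""

# Matches both the YAML key (bindIp:) and the legacy ini key (bind_ip =).
BIND_IP_RE = re.compile(r"^\s*(?:bindIp|bind_ip)\s*[:=]\s*(.+?)\s*$", re.MULTILINE)


def is_loopback(host: str) -> bool:
    """True only for 127.0.0.0/8, ::1 or the literal name 'localhost'."""
    if host == "localhost":
        return True
    if host in ("*", ""):          # ss prints '*' for INADDR_ANY in some modes
        return False
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:             # hostnames other than localhost: not provably loopback
        return False


def parse_listeners(ss_output: str) -> List[Tuple[str, int]]:
    """Extract (host, port) for every LISTEN row of `ss -ltn` output."""
    listeners = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        host, _, port = fields[3].rpartition(":")   # rpartition keeps IPv6 colons intact
        listeners.append((host.strip("[]"), int(port)))
    return listeners


def exposed_mongo_listeners(ss_output: str, ports=MONGO_PORTS) -> List[Tuple[str, int]]:
    """MongoDB listeners that are NOT confined to a loopback address."""
    return [(h, p) for h, p in parse_listeners(ss_output)
            if p in ports and not is_loopback(h)]


def config_bind_ips(conf_text: str) -> List[str]:
    """bindIp values declared in mongod.conf; [] when the key is absent."""
    m = BIND_IP_RE.search(conf_text)
    if not m:
        return []
    return [ip.strip() for ip in m.group(1).split(",") if ip.strip()]


def config_allows_remote(conf_text: str) -> bool:
    """True if any configured bind address is non-loopback (or none is set,
    since an unset bindIp leaves the decision to the mongod version's default)."""
    ips = config_bind_ips(conf_text)
    return not ips or any(not is_loopback(ip) for ip in ips)


def connection_refused(host: str, port: int, timeout: float = 2.0) -> bool:
    """Run from another machine: True if a TCP connect to host:port fails."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return False
    except OSError:
        return True


if __name__ == "__main__":
    for host, port in exposed_mongo_listeners(SAMPLE_SS_OUTPUT):
        print(f"EXPOSED: mongod listening on {host}:{port}")
    print("config allows remote:", config_allows_remote(SAMPLE_CONF))
```

On a real controller, replace `SAMPLE_SS_OUTPUT` with the output of `ss -ltn` and `SAMPLE_CONF` with the running mongod's config; a listener on `0.0.0.0` or `::` with a Mongo port is the finding to remediate, and `connection_refused(<controller-ip>, 27117)` from a second host confirms the kernel-level view from outside.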