CVSS Score of 10 (low)


Published Jul 1, 2023
Updated: Jul 11, 2023


The vulnerability with the CVE ID CVE-2023-31997 affects UniFi OS 3.1, specifically the consoles running UniFi Network. It allows users on a local network to access MongoDB due to a misconfiguration introduced in UniFi OS 3.1. The vulnerability is applicable to Cloud Keys running UniFi OS 3.1 and hosting the UniFi Network application, including Cloud Key Gen2 and Cloud Key Gen2 Plus. The risk score for this vulnerability is 67, indicating a significant threat level. The base severity of this vulnerability is rated as critical, with a base score of 9.0 according to [email protected]. The potential danger it poses to an organization includes high impact on integrity and confidentiality, with low privileges required for exploitation and no user interaction needed. The attack vector is adjacent network, and the availability impact is also rated as high.

Leverage our Vulnerability Intelligence module to secure your systems now - get detailed insights on CVE-2024-37364. Book your demo today.


Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2023-31997 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options