A malicious actor with access to the network could exploit a Path Traversal vulnerability found in the UniFi Network Application to access files on the underlying system that could be manipulated to access an underlying account.
An attacker with access to the network where UniFi Network Application operates can send crafted requests containing path traversal sequences (e.g., '../'), which allow exiting the application's permitted directory. This makes it possible to read arbitrary files from the host operating system. These files can then be used to gain access to system accounts or other resources of the protected environment.
An attacker may gain unauthorized access to sensitive system files, including configuration files or authentication data, which may lead to system account takeover and further compromise of the environment.
Apply patches available from the manufacturer according to references — detailed information about corrected software versions is available in the Ubiquiti security bulletin at: https://community.ui.com/releases/Security-Advisory-Bulletin-062-062/c29719c0-405e-4d4a-8f26-e343e99f931b
UniFi Network Application — versions indicated in manufacturer references (Ubiquiti Security Advisory Bulletin-062)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H