Vulnerabilities

CVE-2019-25651

High
CWE-327 — Weakness Type
Published: Mar 27, 2026  ·  Modified: Apr 3, 2026  ·  Source: NVD
CVSS v3: 8.3
📄 Description (English)

Ubiquiti UniFi Network Controller prior to 5.10.12 (excluding 5.6.42), UAP FW prior to 4.0.6, UAP-AC, UAP-AC v2, and UAP-AC Outdoor FW prior to 3.8.17, USW FW prior to 4.0.6, USG FW prior to 4.4.34 uses AES-CBC encryption for device-to-controller communication, which contains cryptographic weaknesses that allow attackers to recover encryption keys from captured traffic. Attackers with adjacent network access can capture sufficient encrypted traffic and exploit AES-CBC mode vulnerabilities to derive the encryption keys, enabling unauthorized control and management of network devices.

🤖 AI Executive Summary

CVE-2019-25651 affects Ubiquiti UniFi Network Controller and related devices using weak AES-CBC encryption for device-to-controller communication. Attackers with adjacent network access can capture encrypted traffic and exploit cryptographic weaknesses to recover encryption keys, enabling unauthorized network device control. This vulnerability poses significant risk to organizations relying on Ubiquiti infrastructure for network management, particularly in Saudi Arabia where Ubiquiti equipment is widely deployed.

🤖 AI Intelligence Analysis Analyzed: Apr 24, 2026 23:48
🇸🇦 Saudi Arabia Impact Assessment
High impact on Saudi telecommunications sector (STC, Mobily, Zain), government agencies (NCA, CITC), banking institutions (SAMA-regulated banks), and enterprise networks. Ubiquiti equipment is extensively deployed in Saudi data centers, branch offices, and network infrastructure. Compromise enables unauthorized network access, device manipulation, traffic interception, and potential lateral movement to critical systems. Healthcare sector (MOH facilities) and energy sector (ARAMCO operations) using Ubiquiti infrastructure face elevated risk of operational disruption and data breach.
🏢 Affected Saudi Sectors
Telecommunications (STC, Mobily, Zain)
Banking and Financial Services (SAMA-regulated institutions)
Government and Public Administration (NCA, CITC, MOCI)
Healthcare (Ministry of Health facilities)
Energy and Utilities (ARAMCO, power distribution)
Enterprise and Corporate Networks
Data Centers and Cloud Infrastructure
Education (Universities and research institutions)
⚖️ Saudi Risk Score (AI)
8.1 / 10.0
🔧 Remediation Steps (English)
Immediate Actions:
1. Identify all Ubiquiti UniFi Network Controller and device deployments in your environment
2. Isolate UniFi controllers and managed devices on separate VLANs with strict access controls
3. Implement network segmentation to restrict adjacent network access to UniFi infrastructure
4. Enable WPA3 or WPA2-Enterprise on wireless access points where supported
5. Monitor network traffic for suspicious device-to-controller communication patterns

Patching Guidance:
1. Upgrade UniFi Network Controller to version 5.10.12 or later (5.6.42 for legacy systems)
2. Update UAP firmware to 4.0.6 or later
3. Update UAP-AC and UAP-AC v2 firmware to 3.8.17 or later
4. Update UAP-AC Outdoor firmware to 3.8.17 or later
5. Update USW firmware to 4.0.6 or later
6. Update USG firmware to 4.4.34 or later

Compensating Controls (if immediate patching not possible):
1. Implement network access controls (802.1X) for device-to-controller communication
2. Deploy intrusion detection/prevention systems (IDS/IPS) to monitor for exploitation attempts
3. Use VPN tunnels for all UniFi controller management traffic
4. Implement strict firewall rules limiting controller access to authorized subnets only
5. Disable remote management features if not required

Detection Rules:
1. Monitor for unusual AES-CBC encrypted traffic patterns between UniFi devices and controller
2. Alert on multiple failed authentication attempts to UniFi controller
3. Detect unauthorized device provisioning or configuration changes
4. Monitor for traffic from non-standard ports to UniFi controller (default 8080, 8443)
5. Implement SIEM rules for detecting brute-force attacks against UniFi management interfaces
🔧 Remediation Steps (translated from Arabic)
Immediate Actions:
1. Identify all Ubiquiti UniFi Network Controller and device deployments in your environment
2. Isolate UniFi controllers and managed devices on separate VLANs with strict access controls
3. Implement network segmentation to restrict adjacent network access to Ubiquiti infrastructure
4. Enable WPA3 or WPA2-Enterprise on wireless access points where supported
5. Monitor network traffic for suspicious device-to-controller communication patterns

Patching Guidance:
1. Upgrade UniFi Network Controller to version 5.10.12 or later (5.6.42 for legacy systems)
2. Update UAP firmware to 4.0.6 or later
3. Update UAP-AC and UAP-AC v2 firmware to 3.8.17 or later
4. Update UAP-AC Outdoor firmware to 3.8.17 or later
5. Update USW firmware to 4.0.6 or later
6. Update USG firmware to 4.4.34 or later

Compensating Controls (if immediate patching is not possible):
1. Implement network access controls (802.1X) for device-to-controller communication
2. Deploy intrusion detection/prevention systems (IDS/IPS) to monitor for exploitation attempts
3. Use VPN tunnels for all UniFi controller management traffic
4. Implement strict firewall rules that limit controller access to authorized networks only
5. Disable remote management features if not required

Detection Rules:
1. Monitor for unusual AES-CBC encrypted traffic patterns between UniFi devices and the controller
2. Alert on multiple failed authentication attempts to the UniFi controller
3. Detect unauthorized device provisioning or configuration changes
4. Monitor for traffic from non-standard ports to the UniFi controller (default 8080, 8443)
5. Implement SIEM rules for detecting brute-force attacks against UniFi management interfaces
📋 Regulatory Compliance Mapping
🟢 NCA ECC 2024
ECC 2024 A.10.1.1 - Cryptographic controls and key management
ECC 2024 A.8.2.1 - User access management and authentication
ECC 2024 A.8.3.1 - Access control to network resources
ECC 2024 A.13.1.1 - Network security perimeter controls
🔵 SAMA CSF
SAMA CSF ID.BE-1 - Asset management and inventory
SAMA CSF PR.AC-1 - Access control policies and procedures
SAMA CSF PR.DS-2 - Data security and encryption
SAMA CSF DE.CM-1 - Detection and monitoring capabilities
🟡 ISO 27001:2022
ISO 27001:2022 A.10.1 - Cryptography
ISO 27001:2022 A.8.2 - User access management
ISO 27001:2022 A.8.3 - Access control
ISO 27001:2022 A.13.1 - Network security
🟣 PCI DSS v4.0.1
PCI DSS 3.4 - Encryption of cardholder data in transit
PCI DSS 4.1 - Strong cryptography for data transmission
PCI DSS 6.2 - Security patches and updates
📊 CVSS Score
8.3 / 10.0 — High
📊 CVSS Vector
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Attack Vector: A — Adjacent
Attack Complexity: H — High
Privileges Required: N — None
User Interaction: N — None
Scope: C — Changed
Confidentiality: H — High
Integrity: H — High
Availability: H — High
📋 Quick Facts
Severity: High
CVSS Score: 8.3
CWE: CWE-327
EPSS: 0.01%
Exploit: No
Patch: ✗ No
Published: 2026-03-27
Source Feed: nvd
🇸🇦 Saudi Risk Score
8.1 / 10.0 — Saudi Risk
Priority: HIGH