Description
An integer overflow vulnerability in all UniFi Access Points and Switches, excluding the Switch Flex Mini, with SNMP Monitoring and default settings enabled could allow a Remote Code Execution (RCE).



Affected Products:
All UniFi Access Points (Version 6.5.50 and earlier)
All UniFi Switches (Version 6.5.32 and earlier)
-USW Flex Mini excluded.


Mitigation:
Update UniFi Access Points to Version 6.5.62 or later.
Update the UniFi Switches to Version 6.5.59 or later.
Published: 2023-08-10
Score: 9.8 Critical
EPSS: 7.0% Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2023-39120 An integer overflow vulnerability in all UniFi Access Points and Switches, excluding the Switch Flex Mini, with SNMP Monitoring and default settings enabled could allow a Remote Code Execution (RCE). Affected Products: All UniFi Access Points (Version 6.5.50 and earlier) All UniFi Switches (Version 6.5.32 and earlier) -USW Flex Mini excluded. Mitigation: Update UniFi Access Points to Version 6.5.62 or later. Update the UniFi Switches to Version 6.5.59 or later.
History

Thu, 05 Dec 2024 08:15:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:ubiquiti:unifi_access_points:*:*:*:*:*:*:*:*
cpe:2.3:o:ubiquiti:unifi_switch_firmware:*:*:*:*:*:*:*:*
Vendors & Products Ubiquiti
Ubiquiti unifi Access Points
Ubiquiti unifi Switch Firmware

Wed, 09 Oct 2024 20:15:00 +0000

Type Values Removed Values Added
First Time appeared Ubiquiti
Ubiquiti unifi Access Points
Ubiquiti unifi Switch Firmware
CPEs cpe:2.3:a:ubiquiti:unifi_access_points:*:*:*:*:*:*:*:*
cpe:2.3:o:ubiquiti:unifi_switch_firmware:*:*:*:*:*:*:*:*
Vendors & Products Ubiquiti
Ubiquiti unifi Access Points
Ubiquiti unifi Switch Firmware
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Subscriptions

Ui U6-enterprise U6-enterprise-iw U6-extender U6-iw U6-lite U6-lr U6-mesh U6-pro U6\+ Uap-ac-iw Uap-ac-lite Uap-ac-lr Uap-ac-m Uap-ac-m-pro Uap-ac-pro Ubb Ubb-xg Unifi Switch Firmware Unifi Uap Firmware Us-16-150w Us-24-250w Us-48-500w Us-8-150w Us-8-60w Us-xg-6poe Usw-16-poe Usw-24 Usw-24-poe Usw-48 Usw-48-poe Usw-aggregation Usw-enterprise-24-poe Usw-enterprise-48-poe Usw-enterprise-8-poe Usw-enterprisexg-24 Usw-flex Usw-flex-xg Usw-industrial Usw-lite-16-poe Usw-lite-8-poe Usw-mission-critical Usw-pro-24 Usw-pro-24-poe Usw-pro-48 Usw-pro-48-poe Usw-pro-aggregation Uwb-xg
cve-icon MITRE

Status: PUBLISHED

Assigner: hackerone

Published:

Updated: 2024-12-04T16:30:50.323Z

Reserved: 2023-06-13T01:00:11.784Z

Link: CVE-2023-35085

cve-icon Vulnrichment

Updated: 2024-08-02T16:23:58.703Z

cve-icon NVD

Status : Modified

Published: 2023-08-10T19:15:09.730

Modified: 2024-11-21T08:07:56.790

Link: CVE-2023-35085

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.

Weaknesses