Description
A command injection vulnerability in the DHCP Client function of all UniFi Access Points and Switches, excluding the Switch Flex Mini, could allow a Remote Code Execution (RCE).


Affected Products:
All UniFi Access Points (Version 6.5.53 and earlier)
All UniFi Switches (Version 6.5.32 and earlier)
-USW Flex Mini excluded.


Mitigation:
Update UniFi Access Points to Version 6.5.62 or later.
Update UniFi Switches to Version 6.5.59 or later.
Published: 2023-08-10
Score: 9.8 Critical
EPSS: 3.7% Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2023-41861 A command injection vulnerability in the DHCP Client function of all UniFi Access Points and Switches, excluding the Switch Flex Mini, could allow a Remote Code Execution (RCE). Affected Products: All UniFi Access Points (Version 6.5.53 and earlier) All UniFi Switches (Version 6.5.32 and earlier) -USW Flex Mini excluded. Mitigation: Update UniFi Access Points to Version 6.5.62 or later. Update UniFi Switches to Version 6.5.59 or later.
History

Wed, 04 Dec 2024 17:15:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:ubiquiti:unifi_access_points:*:*:*:*:*:*:*:*
cpe:2.3:o:ubiquiti:unifi_switch_firmware:*:*:*:*:*:*:*:*
Vendors & Products Ubiquiti
Ubiquiti unifi Access Points
Ubiquiti unifi Switch Firmware

Wed, 09 Oct 2024 20:15:00 +0000

Type Values Removed Values Added
First Time appeared Ubiquiti
Ubiquiti unifi Access Points
Ubiquiti unifi Switch Firmware
CPEs cpe:2.3:a:ubiquiti:unifi_access_points:*:*:*:*:*:*:*:*
cpe:2.3:o:ubiquiti:unifi_switch_firmware:*:*:*:*:*:*:*:*
Vendors & Products Ubiquiti
Ubiquiti unifi Access Points
Ubiquiti unifi Switch Firmware
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Subscriptions

Ui U6-enterprise U6-enterprise-iw U6-extender U6-iw U6-lite U6-lr U6-mesh U6-pro U6\+ Uap-ac-iw Uap-ac-lite Uap-ac-lr Uap-ac-m Uap-ac-m-pro Uap-ac-pro Ubb Ubb-xg Unifi Switch Firmware Unifi Uap Firmware Us-16-150w Us-24-250w Us-48-500w Us-8-150w Us-8-60w Us-xg-6poe Usw-16-poe Usw-24 Usw-24-poe Usw-48 Usw-48-poe Usw-aggregation Usw-enterprise-24-poe Usw-enterprise-48-poe Usw-enterprise-8-poe Usw-enterprisexg-24 Usw-flex Usw-flex-xg Usw-industrial Usw-lite-16-poe Usw-lite-8-poe Usw-mission-critical Usw-pro-24 Usw-pro-24-poe Usw-pro-48 Usw-pro-48-poe Usw-pro-aggregation Uwb-xg
cve-icon MITRE

Status: PUBLISHED

Assigner: hackerone

Published:

Updated: 2024-12-04T16:30:27.937Z

Reserved: 2023-07-12T01:00:11.880Z

Link: CVE-2023-38034

cve-icon Vulnrichment

Updated: 2024-08-02T17:30:12.339Z

cve-icon NVD

Status : Modified

Published: 2023-08-10T19:15:09.803

Modified: 2024-11-21T08:12:43.107

Link: CVE-2023-38034

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.

Weaknesses