An integer overflow vulnerability in all UniFi Access Points and Switches, excluding the Switch Flex Mini, with SNMP Monitoring and default settings enabled could allow a Remote Code Execution (RCE).
Affected Products:
All UniFi Access Points (Version 6.5.50 and earlier)
All UniFi Switches (Version 6.5.32 and earlier)
-USW Flex Mini excluded.
Mitigation:
Update UniFi Access Points to Version 6.5.62 or later.
Update the UniFi Switches to Version 6.5.59 or later.
Affected Products:
All UniFi Access Points (Version 6.5.50 and earlier)
All UniFi Switches (Version 6.5.32 and earlier)
-USW Flex Mini excluded.
Mitigation:
Update UniFi Access Points to Version 6.5.62 or later.
Update the UniFi Switches to Version 6.5.59 or later.
Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).
| Vendor | Product | Default status | Versions | ||||||
|---|---|---|---|---|---|---|---|---|---|
| Ubiquiti Inc | UniFi Access Points | unaffected |
|
||||||
| Ubiquiti Inc | UniFi Switches | unaffected |
|
Configuration 1 [-]
| AND |
|
Configuration 2 [-]
| AND |
|
No data.
No data.
Project Subscriptions
| Vendors | Products |
|---|---|
|
Ui
Subscribe
|
U6-enterprise
Subscribe
U6-enterprise-iw
Subscribe
U6-extender
Subscribe
U6-iw
Subscribe
U6-lite
Subscribe
U6-lr
Subscribe
U6-mesh
Subscribe
U6-pro
Subscribe
U6\+
Subscribe
Uap-ac-iw
Subscribe
Uap-ac-lite
Subscribe
Uap-ac-lr
Subscribe
Uap-ac-m
Subscribe
Uap-ac-m-pro
Subscribe
Uap-ac-pro
Subscribe
Ubb
Subscribe
Ubb-xg
Subscribe
Unifi Switch Firmware
Subscribe
Unifi Uap Firmware
Subscribe
Us-16-150w
Subscribe
Us-24-250w
Subscribe
Us-48-500w
Subscribe
Us-8-150w
Subscribe
Us-8-60w
Subscribe
Us-xg-6poe
Subscribe
Usw-16-poe
Subscribe
Usw-24
Subscribe
Usw-24-poe
Subscribe
Usw-48
Subscribe
Usw-48-poe
Subscribe
Usw-aggregation
Subscribe
Usw-enterprise-24-poe
Subscribe
Usw-enterprise-48-poe
Subscribe
Usw-enterprise-8-poe
Subscribe
Usw-enterprisexg-24
Subscribe
Usw-flex
Subscribe
Usw-flex-xg
Subscribe
Usw-industrial
Subscribe
Usw-lite-16-poe
Subscribe
Usw-lite-8-poe
Subscribe
Usw-mission-critical
Subscribe
Usw-pro-24
Subscribe
Usw-pro-24-poe
Subscribe
Usw-pro-48
Subscribe
Usw-pro-48-poe
Subscribe
Usw-pro-aggregation
Subscribe
Uwb-xg
Subscribe
|
Advisories
| Source | ID | Title |
|---|---|---|
 EUVD |
EUVD-2023-39120 | An integer overflow vulnerability in all UniFi Access Points and Switches, excluding the Switch Flex Mini, with SNMP Monitoring and default settings enabled could allow a Remote Code Execution (RCE). Affected Products: All UniFi Access Points (Version 6.5.50 and earlier) All UniFi Switches (Version 6.5.32 and earlier) -USW Flex Mini excluded. Mitigation: Update UniFi Access Points to Version 6.5.62 or later. Update the UniFi Switches to Version 6.5.59 or later. |
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
Thu, 05 Dec 2024 08:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| CPEs | cpe:2.3:o:ubiquiti:unifi_switch_firmware:*:*:*:*:*:*:*:* |
|
| Vendors & Products |
Ubiquiti
Ubiquiti unifi Access Points Ubiquiti unifi Switch Firmware |
Wed, 09 Oct 2024 20:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Ubiquiti
Ubiquiti unifi Access Points Ubiquiti unifi Switch Firmware |
|
| CPEs | cpe:2.3:a:ubiquiti:unifi_access_points:*:*:*:*:*:*:*:* cpe:2.3:o:ubiquiti:unifi_switch_firmware:*:*:*:*:*:*:*:* |
|
| Vendors & Products |
Ubiquiti
Ubiquiti unifi Access Points Ubiquiti unifi Switch Firmware |
|
| Metrics |
ssvc
|
Projects
Sign in to view the affected projects.
MITRE
Status: PUBLISHED
Assigner: hackerone
Published:
Updated: 2024-12-04T16:30:50.323Z
Reserved: 2023-06-13T01:00:11.784Z
Link: CVE-2023-35085
Vulnrichment
Updated: 2024-08-02T16:23:58.703Z
NVD
Status : Modified
Published: 2023-08-10T19:15:09.730
Modified: 2024-11-21T08:07:56.790
Link: CVE-2023-35085
Redhat
No data.
OpenCVE Enrichment
No data.
Weaknesses