A command injection vulnerability in the DHCP Client function of all UniFi Access Points and Switches, excluding the Switch Flex Mini, could allow a Remote Code Execution (RCE).
Affected Products:
All UniFi Access Points (Version 6.5.53 and earlier)
All UniFi Switches (Version 6.5.32 and earlier)
-USW Flex Mini excluded.
Mitigation:
Update UniFi Access Points to Version 6.5.62 or later.
Update UniFi Switches to Version 6.5.59 or later.
Affected Products:
All UniFi Access Points (Version 6.5.53 and earlier)
All UniFi Switches (Version 6.5.32 and earlier)
-USW Flex Mini excluded.
Mitigation:
Update UniFi Access Points to Version 6.5.62 or later.
Update UniFi Switches to Version 6.5.59 or later.
Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).
| Vendor | Product | Default status | Versions | ||||||
|---|---|---|---|---|---|---|---|---|---|
| Ubiquiti Inc | UniFi Access Points | unaffected |
|
||||||
| Ubiquiti Inc | UniFi Switches | unaffected |
|
Configuration 1 [-]
| AND |
|
Configuration 2 [-]
| AND |
|
No data.
No data.
Project Subscriptions
| Vendors | Products |
|---|---|
|
Ui
Subscribe
|
U6-enterprise
Subscribe
U6-enterprise-iw
Subscribe
U6-extender
Subscribe
U6-iw
Subscribe
U6-lite
Subscribe
U6-lr
Subscribe
U6-mesh
Subscribe
U6-pro
Subscribe
U6\+
Subscribe
Uap-ac-iw
Subscribe
Uap-ac-lite
Subscribe
Uap-ac-lr
Subscribe
Uap-ac-m
Subscribe
Uap-ac-m-pro
Subscribe
Uap-ac-pro
Subscribe
Ubb
Subscribe
Ubb-xg
Subscribe
Unifi Switch Firmware
Subscribe
Unifi Uap Firmware
Subscribe
Us-16-150w
Subscribe
Us-24-250w
Subscribe
Us-48-500w
Subscribe
Us-8-150w
Subscribe
Us-8-60w
Subscribe
Us-xg-6poe
Subscribe
Usw-16-poe
Subscribe
Usw-24
Subscribe
Usw-24-poe
Subscribe
Usw-48
Subscribe
Usw-48-poe
Subscribe
Usw-aggregation
Subscribe
Usw-enterprise-24-poe
Subscribe
Usw-enterprise-48-poe
Subscribe
Usw-enterprise-8-poe
Subscribe
Usw-enterprisexg-24
Subscribe
Usw-flex
Subscribe
Usw-flex-xg
Subscribe
Usw-industrial
Subscribe
Usw-lite-16-poe
Subscribe
Usw-lite-8-poe
Subscribe
Usw-mission-critical
Subscribe
Usw-pro-24
Subscribe
Usw-pro-24-poe
Subscribe
Usw-pro-48
Subscribe
Usw-pro-48-poe
Subscribe
Usw-pro-aggregation
Subscribe
Uwb-xg
Subscribe
|
Advisories
| Source | ID | Title |
|---|---|---|
 EUVD |
EUVD-2023-41861 | A command injection vulnerability in the DHCP Client function of all UniFi Access Points and Switches, excluding the Switch Flex Mini, could allow a Remote Code Execution (RCE). Affected Products: All UniFi Access Points (Version 6.5.53 and earlier) All UniFi Switches (Version 6.5.32 and earlier) -USW Flex Mini excluded. Mitigation: Update UniFi Access Points to Version 6.5.62 or later. Update UniFi Switches to Version 6.5.59 or later. |
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
Wed, 04 Dec 2024 17:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| CPEs | cpe:2.3:o:ubiquiti:unifi_switch_firmware:*:*:*:*:*:*:*:* |
|
| Vendors & Products |
Ubiquiti
Ubiquiti unifi Access Points Ubiquiti unifi Switch Firmware |
Wed, 09 Oct 2024 20:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Ubiquiti
Ubiquiti unifi Access Points Ubiquiti unifi Switch Firmware |
|
| CPEs | cpe:2.3:a:ubiquiti:unifi_access_points:*:*:*:*:*:*:*:* cpe:2.3:o:ubiquiti:unifi_switch_firmware:*:*:*:*:*:*:*:* |
|
| Vendors & Products |
Ubiquiti
Ubiquiti unifi Access Points Ubiquiti unifi Switch Firmware |
|
| Metrics |
ssvc
|
Projects
Sign in to view the affected projects.
MITRE
Status: PUBLISHED
Assigner: hackerone
Published:
Updated: 2024-12-04T16:30:27.937Z
Reserved: 2023-07-12T01:00:11.880Z
Link: CVE-2023-38034
Vulnrichment
Updated: 2024-08-02T17:30:12.339Z
NVD
Status : Modified
Published: 2023-08-10T19:15:09.803
Modified: 2024-11-21T08:12:43.107
Link: CVE-2023-38034
Redhat
No data.
OpenCVE Enrichment
No data.
Weaknesses