A command injection vulnerability in the DHCP Client function of all UniFi Access Points and Switches, excluding the Switch Flex Mini, could allow a Remote Code Execution (RCE).


Affected Products:
All UniFi Access Points (Version 6.5.53 and earlier)
All UniFi Switches (Version 6.5.32 and earlier)
-USW Flex Mini excluded.


Mitigation:
Update UniFi Access Points to Version 6.5.62 or later.
Update UniFi Switches to Version 6.5.59 or later.

Metrics

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Attack Vector Adjacent Network

Attack Complexity High

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.02739.

Exploitation none

Automatable no

Technical Impact total

Affected Vendors & Products

Vendors Products
Ui
  • U6-enterprise
  • U6-enterprise-iw
  • U6-extender
  • U6-iw
  • U6-lite
  • U6-lr
  • U6-mesh
  • U6-pro
  • U6\+
  • Uap-ac-iw
  • Uap-ac-lite
  • Uap-ac-lr
  • Uap-ac-m
  • Uap-ac-m-pro
  • Uap-ac-pro
  • Ubb
  • Ubb-xg
  • Unifi Switch Firmware
  • Unifi Uap Firmware
  • Us-16-150w
  • Us-24-250w
  • Us-48-500w
  • Us-8-150w
  • Us-8-60w
  • Us-xg-6poe
  • Usw-16-poe
  • Usw-24
  • Usw-24-poe
  • Usw-48
  • Usw-48-poe
  • Usw-aggregation
  • Usw-enterprise-24-poe
  • Usw-enterprise-48-poe
  • Usw-enterprise-8-poe
  • Usw-enterprisexg-24
  • Usw-flex
  • Usw-flex-xg
  • Usw-industrial
  • Usw-lite-16-poe
  • Usw-lite-8-poe
  • Usw-mission-critical
  • Usw-pro-24
  • Usw-pro-24-poe
  • Usw-pro-48
  • Usw-pro-48-poe
  • Usw-pro-aggregation
  • Uwb-xg

Configuration 1 [-]

AND
cpe:2.3:o:ui:unifi_uap_firmware:*:*:*:*:*:*:*:*
OR cpe:2.3:h:ui:u6\+:-:*:*:*:*:*:*:*
cpe:2.3:h:ui:u6-enterprise:-:*:*:*:*:*:*:*
cpe:2.3:h:ui:u6-enterprise-iw:-:*:*:*:*:*:*:*
cpe:2.3:h:ui:u6-extender:-:*:*:*:*:*:*:*
cpe:2.3:h:ui:u6-iw:-:*:*:*:*:*:*:*
cpe:2.3:h:ui:u6-lite:-:*:*:*:*:*:*:*
cpe:2.3:h:ui:u6-lr:-:*:*:*:*:*:*:*
cpe:2.3:h:ui:u6-mesh:-:*:*:*:*:*:*:*
cpe:2.3:h:ui:u6-pro:-:*:*:*:*:*:*:*
cpe:2.3:h:ui:uap-ac-iw:-:*:*:*:*:*:*:*
cpe:2.3:h:ui:uap-ac-lite:-:*:*:*:*:*:*:*
cpe:2.3:h:ui:uap-ac-lr:-:*:*:*:*:*:*:*
cpe:2.3:h:ui:uap-ac-m:-:*:*:*:*:*:*:*
cpe:2.3:h:ui:uap-ac-m-pro:-:*:*:*:*:*:*:*
cpe:2.3:h:ui:uap-ac-pro:-:*:*:*:*:*:*:*
cpe:2.3:h:ui:ubb:-:*:*:*:*:*:*:*
cpe:2.3:h:ui:ubb-xg:-:*:*:*:*:*:*:*
cpe:2.3:h:ui:uwb-xg:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND
cpe:2.3:o:ui:unifi_switch_firmware:*:*:*:*:*:*:*:*
OR cpe:2.3:h:ui:us-16-150w:-:*:*:*:*:*:*:*
cpe:2.3:h:ui:us-24-250w:-:*:*:*:*:*:*:*
cpe:2.3:h:ui:us-48-500w:-:*:*:*:*:*:*:*
cpe:2.3:h:ui:us-8-150w:-:*:*:*:*:*:*:*
cpe:2.3:h:ui:us-8-60w:-:*:*:*:*:*:*:*
cpe:2.3:h:ui:us-xg-6poe:-:*:*:*:*:*:*:*
cpe:2.3:h:ui:usw-16-poe:-:*:*:*:*:*:*:*
cpe:2.3:h:ui:usw-24:-:*:*:*:*:*:*:*
cpe:2.3:h:ui:usw-24-poe:-:*:*:*:*:*:*:*
cpe:2.3:h:ui:usw-48:-:*:*:*:*:*:*:*
cpe:2.3:h:ui:usw-48-poe:-:*:*:*:*:*:*:*
cpe:2.3:h:ui:usw-aggregation:-:*:*:*:*:*:*:*
cpe:2.3:h:ui:usw-enterprise-24-poe:-:*:*:*:*:*:*:*
cpe:2.3:h:ui:usw-enterprise-48-poe:-:*:*:*:*:*:*:*
cpe:2.3:h:ui:usw-enterprise-8-poe:-:*:*:*:*:*:*:*
cpe:2.3:h:ui:usw-enterprisexg-24:-:*:*:*:*:*:*:*
cpe:2.3:h:ui:usw-flex:-:*:*:*:*:*:*:*
cpe:2.3:h:ui:usw-flex-xg:-:*:*:*:*:*:*:*
cpe:2.3:h:ui:usw-industrial:-:*:*:*:*:*:*:*
cpe:2.3:h:ui:usw-lite-16-poe:-:*:*:*:*:*:*:*
cpe:2.3:h:ui:usw-lite-8-poe:-:*:*:*:*:*:*:*
cpe:2.3:h:ui:usw-mission-critical:-:*:*:*:*:*:*:*
cpe:2.3:h:ui:usw-pro-24:-:*:*:*:*:*:*:*
cpe:2.3:h:ui:usw-pro-24-poe:-:*:*:*:*:*:*:*
cpe:2.3:h:ui:usw-pro-48:-:*:*:*:*:*:*:*
cpe:2.3:h:ui:usw-pro-48-poe:-:*:*:*:*:*:*:*
cpe:2.3:h:ui:usw-pro-aggregation:-:*:*:*:*:*:*:*

No data.

No data.

Advisories
Source ID Title
EUVD EUVD EUVD-2023-41861 A command injection vulnerability in the DHCP Client function of all UniFi Access Points and Switches, excluding the Switch Flex Mini, could allow a Remote Code Execution (RCE). Affected Products: All UniFi Access Points (Version 6.5.53 and earlier) All UniFi Switches (Version 6.5.32 and earlier) -USW Flex Mini excluded. Mitigation: Update UniFi Access Points to Version 6.5.62 or later. Update UniFi Switches to Version 6.5.59 or later.
Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References
Link Providers
https://community.ui.com/releases/Security-Advisory-Bulletin-035-035/91107858-9884-44df-b1c6-63c6499f6e56 cve-icon cve-icon
History

Wed, 04 Dec 2024 17:15:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:ubiquiti:unifi_access_points:*:*:*:*:*:*:*:*
cpe:2.3:o:ubiquiti:unifi_switch_firmware:*:*:*:*:*:*:*:*
Vendors & Products Ubiquiti
Ubiquiti unifi Access Points
Ubiquiti unifi Switch Firmware

Wed, 09 Oct 2024 20:15:00 +0000

Type Values Removed Values Added
First Time appeared Ubiquiti
Ubiquiti unifi Access Points
Ubiquiti unifi Switch Firmware
CPEs cpe:2.3:a:ubiquiti:unifi_access_points:*:*:*:*:*:*:*:*
cpe:2.3:o:ubiquiti:unifi_switch_firmware:*:*:*:*:*:*:*:*
Vendors & Products Ubiquiti
Ubiquiti unifi Access Points
Ubiquiti unifi Switch Firmware
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}
cve-icon MITRE

Status: PUBLISHED

Assigner: hackerone

Published:

Updated: 2024-12-04T16:30:27.937Z

Reserved: 2023-07-12T01:00:11.880Z

Link: CVE-2023-38034

cve-icon Vulnrichment

Updated: 2024-08-02T17:30:12.339Z

cve-icon NVD

Status : Modified

Published: 2023-08-10T19:15:09.803

Modified: 2024-11-21T08:12:43.107

Link: CVE-2023-38034

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.