CVE-2023-2379
Severity CVSS v4.0:
Pending analysis
Type:
CWE-404
Improper Resource Shutdown or Release
Publication date:
28/04/2023
Last modified:
17/05/2024
Description
A vulnerability classified as critical has been found in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. This affects an unknown part of the component Web Service. The manipulation leads to denial of service. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227655.
Impact
Base Score 3.x
7.50
Severity 3.x
HIGH
Base Score 2.0
7.80
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:ui:er-x_firmware:*:*:*:*:*:*:*:* | 2.0.9 (excluding) | |
| cpe:2.3:o:ui:er-x_firmware:2.0.9:-:*:*:*:*:*:* | ||
| cpe:2.3:o:ui:er-x_firmware:2.0.9:hotfix2:*:*:*:*:*:* | ||
| cpe:2.3:o:ui:er-x_firmware:2.0.9:hotfix3:*:*:*:*:*:* | ||
| cpe:2.3:o:ui:er-x_firmware:2.0.9:hotfix4:*:*:*:*:*:* | ||
| cpe:2.3:o:ui:er-x_firmware:2.0.9:hotfix5:*:*:*:*:*:* | ||
| cpe:2.3:o:ui:er-x_firmware:2.0.9:hotfix6:*:*:*:*:*:* | ||
| cpe:2.3:h:ui:er-x:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:ui:er-x-sfp_firmware:*:*:*:*:*:*:*:* | 2.0.9 (excluding) | |
| cpe:2.3:o:ui:er-x-sfp_firmware:2.0.9:-:*:*:*:*:*:* | ||
| cpe:2.3:o:ui:er-x-sfp_firmware:2.0.9:hotfix2:*:*:*:*:*:* | ||
| cpe:2.3:o:ui:er-x-sfp_firmware:2.0.9:hotfix3:*:*:*:*:*:* | ||
| cpe:2.3:o:ui:er-x-sfp_firmware:2.0.9:hotfix4:*:*:*:*:*:* | ||
| cpe:2.3:o:ui:er-x-sfp_firmware:2.0.9:hotfix5:*:*:*:*:*:* | ||
| cpe:2.3:o:ui:er-x-sfp_firmware:2.0.9:hotfix6:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page