CVE-2023-35085
Severity CVSS v4.0:
Pending analysis
Type:
CWE-190
Integer Overflow or Wraparound
Publication date:
10/08/2023
Last modified:
17/08/2023
Description
An integer overflow vulnerability in all UniFi Access Points and Switches, excluding the Switch Flex Mini, with SNMP Monitoring and default settings enabled could allow a Remote Code Execution (RCE).<br />
<br />
<br />
<br />
Affected Products:<br />
All UniFi Access Points (Version 6.5.50 and earlier)<br />
All UniFi Switches (Version 6.5.32 and earlier) <br />
-USW Flex Mini excluded.<br />
<br />
<br />
Mitigation:<br />
Update UniFi Access Points to Version 6.5.62 or later.<br />
Update the UniFi Switches to Version 6.5.59 or later.
Impact
Base Score 3.x
9.80
Severity 3.x
CRITICAL
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:ui:unifi_uap_firmware:*:*:*:*:*:*:*:* | 6.5.50 (including) | |
| cpe:2.3:h:ui:u6\+:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:ui:u6-enterprise:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:ui:u6-enterprise-iw:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:ui:u6-extender:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:ui:u6-iw:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:ui:u6-lite:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:ui:u6-lr:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:ui:u6-mesh:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:ui:u6-pro:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:ui:uap-ac-iw:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:ui:uap-ac-lite:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:ui:uap-ac-lr:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:ui:uap-ac-m:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:ui:uap-ac-m-pro:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page