An integer overflow vulnerability in all UniFi Access Points and Switches, excluding the Switch Flex Mini, with SNMP Monitoring and default settings enabled could allow a Remote Code Execution (RCE).
Affected Products:
All UniFi Access Points (Version 6.5.50 and earlier)
All UniFi Switches (Version 6.5.32 and earlier)
-USW Flex Mini excluded.
Mitigation:
Update UniFi Access Points to Version 6.5.62 or later.
Update the UniFi Switches to Version 6.5.59 or later.
References
Link | Resource |
---|---|
https://community.ui.com/releases/Security-Advisory-Bulletin-035-035/91107858-9884-44df-b1c6-63c6499f6e56 | Issue Tracking Vendor Advisory |
https://community.ui.com/releases/Security-Advisory-Bulletin-035-035/91107858-9884-44df-b1c6-63c6499f6e56 | Issue Tracking Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
History
21 Nov 2024, 08:07
Type | Values Removed | Values Added |
---|---|---|
References | () https://community.ui.com/releases/Security-Advisory-Bulletin-035-035/91107858-9884-44df-b1c6-63c6499f6e56 - Issue Tracking, Vendor Advisory |
17 Aug 2023, 14:42
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
References | (MISC) https://community.ui.com/releases/Security-Advisory-Bulletin-035-035/91107858-9884-44df-b1c6-63c6499f6e56 - Issue Tracking, Vendor Advisory | |
CWE | CWE-190 | |
CPE | cpe:2.3:h:ui:us-24-250w:-:*:*:*:*:*:*:* cpe:2.3:h:ui:usw-lite-8-poe:-:*:*:*:*:*:*:* cpe:2.3:h:ui:uap-ac-m-pro:-:*:*:*:*:*:*:* cpe:2.3:h:ui:ubb-xg:-:*:*:*:*:*:*:* cpe:2.3:h:ui:us-8-150w:-:*:*:*:*:*:*:* cpe:2.3:o:ui:unifi_uap_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:ui:u6-mesh:-:*:*:*:*:*:*:* cpe:2.3:o:ui:unifi_switch_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:ui:uap-ac-m:-:*:*:*:*:*:*:* cpe:2.3:h:ui:uap-ac-lite:-:*:*:*:*:*:*:* cpe:2.3:h:ui:usw-enterprise-48-poe:-:*:*:*:*:*:*:* cpe:2.3:h:ui:usw-flex:-:*:*:*:*:*:*:* cpe:2.3:h:ui:usw-flex-xg:-:*:*:*:*:*:*:* cpe:2.3:h:ui:ubb:-:*:*:*:*:*:*:* cpe:2.3:h:ui:uap-ac-lr:-:*:*:*:*:*:*:* cpe:2.3:h:ui:u6-pro:-:*:*:*:*:*:*:* cpe:2.3:h:ui:usw-enterprisexg-24:-:*:*:*:*:*:*:* cpe:2.3:h:ui:usw-pro-24:-:*:*:*:*:*:*:* cpe:2.3:h:ui:usw-pro-48:-:*:*:*:*:*:*:* cpe:2.3:h:ui:usw-48-poe:-:*:*:*:*:*:*:* cpe:2.3:h:ui:usw-pro-48-poe:-:*:*:*:*:*:*:* cpe:2.3:h:ui:uwb-xg:-:*:*:*:*:*:*:* cpe:2.3:h:ui:u6-extender:-:*:*:*:*:*:*:* cpe:2.3:h:ui:us-8-60w:-:*:*:*:*:*:*:* cpe:2.3:h:ui:usw-mission-critical:-:*:*:*:*:*:*:* cpe:2.3:h:ui:u6-enterprise-iw:-:*:*:*:*:*:*:* cpe:2.3:h:ui:uap-ac-iw:-:*:*:*:*:*:*:* cpe:2.3:h:ui:us-xg-6poe:-:*:*:*:*:*:*:* cpe:2.3:h:ui:usw-pro-aggregation:-:*:*:*:*:*:*:* cpe:2.3:h:ui:u6-enterprise:-:*:*:*:*:*:*:* cpe:2.3:h:ui:u6-lr:-:*:*:*:*:*:*:* cpe:2.3:h:ui:uap-ac-pro:-:*:*:*:*:*:*:* cpe:2.3:h:ui:us-16-150w:-:*:*:*:*:*:*:* cpe:2.3:h:ui:usw-24:-:*:*:*:*:*:*:* cpe:2.3:h:ui:u6\+:-:*:*:*:*:*:*:* cpe:2.3:h:ui:us-48-500w:-:*:*:*:*:*:*:* cpe:2.3:h:ui:u6-lite:-:*:*:*:*:*:*:* cpe:2.3:h:ui:usw-lite-16-poe:-:*:*:*:*:*:*:* cpe:2.3:h:ui:u6-iw:-:*:*:*:*:*:*:* cpe:2.3:h:ui:usw-industrial:-:*:*:*:*:*:*:* cpe:2.3:h:ui:usw-pro-24-poe:-:*:*:*:*:*:*:* cpe:2.3:h:ui:usw-aggregation:-:*:*:*:*:*:*:* cpe:2.3:h:ui:usw-24-poe:-:*:*:*:*:*:*:* cpe:2.3:h:ui:usw-enterprise-8-poe:-:*:*:*:*:*:*:* cpe:2.3:h:ui:usw-48:-:*:*:*:*:*:*:* cpe:2.3:h:ui:usw-enterprise-24-poe:-:*:*:*:*:*:*:* cpe:2.3:h:ui:usw-16-poe:-:*:*:*:*:*:*:* |
10 Aug 2023, 19:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-08-10 19:15
Updated : 2024-11-21 08:07
NVD link : CVE-2023-35085
Mitre link : CVE-2023-35085
CVE.ORG link : CVE-2023-35085
JSON object : View
Products Affected
ui
- uwb-xg
- us-8-150w
- usw-enterprisexg-24
- us-xg-6poe
- usw-enterprise-8-poe
- usw-lite-8-poe
- u6-iw
- usw-lite-16-poe
- u6-pro
- usw-flex-xg
- us-16-150w
- usw-48-poe
- u6-extender
- usw-pro-24
- u6-lite
- usw-24
- uap-ac-iw
- us-8-60w
- usw-enterprise-48-poe
- uap-ac-lite
- usw-48
- u6-lr
- usw-pro-48-poe
- uap-ac-pro
- ubb
- unifi_uap_firmware
- u6-enterprise
- usw-aggregation
- usw-industrial
- u6-mesh
- uap-ac-m-pro
- us-48-500w
- usw-pro-aggregation
- uap-ac-lr
- usw-pro-24-poe
- usw-enterprise-24-poe
- usw-pro-48
- usw-24-poe
- unifi_switch_firmware
- ubb-xg
- u6-enterprise-iw
- us-24-250w
- usw-16-poe
- u6\+
- usw-mission-critical
- uap-ac-m
- usw-flex
CWE
CWE-190
Integer Overflow or Wraparound