An integer overflow vulnerability in all UniFi Access Points and Switches, excluding the Switch Flex Mini, with SNMP Monitoring and default settings enabled could allow a Remote Code Execution (RCE).
Affected Products:
All UniFi Access Points (Version 6.5.50 and earlier)
All UniFi Switches (Version 6.5.32 and earlier)
-USW Flex Mini excluded.
Mitigation:
Update UniFi Access Points to Version 6.5.62 or later.
Update the UniFi Switches to Version 6.5.59 or later.
Metrics
Affected Vendors & Products
| Vendors | Products |
|---|---|
| Ui |
|
Configuration 1 [-]
| AND |
|
Configuration 2 [-]
| AND |
|
No data.
References
History
Thu, 05 Dec 2024 08:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| CPEs | cpe:2.3:o:ubiquiti:unifi_switch_firmware:*:*:*:*:*:*:*:* |
|
| Vendors & Products |
Ubiquiti
Ubiquiti unifi Access Points Ubiquiti unifi Switch Firmware |
Wed, 09 Oct 2024 20:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Ubiquiti
Ubiquiti unifi Access Points Ubiquiti unifi Switch Firmware |
|
| CPEs | cpe:2.3:a:ubiquiti:unifi_access_points:*:*:*:*:*:*:*:* cpe:2.3:o:ubiquiti:unifi_switch_firmware:*:*:*:*:*:*:*:* |
|
| Vendors & Products |
Ubiquiti
Ubiquiti unifi Access Points Ubiquiti unifi Switch Firmware |
|
| Metrics |
ssvc
|
MITRE
Status: PUBLISHED
Assigner: hackerone
Published:
Updated: 2024-12-04T16:30:50.323Z
Reserved: 2023-06-13T01:00:11.784Z
Link: CVE-2023-35085
Vulnrichment
Updated: 2024-08-02T16:23:58.703Z
NVD
Status : Modified
Published: 2023-08-10T19:15:09.730
Modified: 2024-11-21T08:07:56.790
Link: CVE-2023-35085
Redhat
No data.