UniFi - Security Advisory Bulletin 035

Important news for UniFi network hardware users: an integer overflow vulnerability in all UniFi Access Points and Switches (excluding the Switch Flex Mini) can allow Remote Code Execution (RCE) when SNMP Monitoring is enabled with default settings, and a second flaw, a command injection in the devices' DHCP client, affects the same hardware. Both demand immediate action: upgrade firmware to the fixed versions listed below.

The following is reproduced from the UniFi community forum.

Overview
Published: Aug 9, 2023

Version: 1.1 Revision: 1.1

Summary 1 of 2

An integer overflow vulnerability in all UniFi Access Points and Switches (excluding the Switch Flex Mini) could allow Remote Code Execution (RCE) when SNMP Monitoring is enabled with default settings.


Affected Products:

All UniFi Access Points (Version 6.5.50 and earlier)

All UniFi Switches (Version 6.5.32 and earlier) 

USW Flex Mini excluded.

Mitigation:

Update UniFi Access Points to Version 6.5.62 or later.

Update the UniFi Switches to Version 6.5.59 or later.


Impact:

CVSS v3.0 Severity and Metrics:

Base Score: 9.0 Critical

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

CVE: CVE-2023-35085 (reported by Mathew Marcus)


Summary 2 of 2

A command injection vulnerability in the DHCP client function of all UniFi Access Points and Switches (excluding the Switch Flex Mini) could allow Remote Code Execution (RCE).


Affected Products:

All UniFi Access Points (Version 6.5.53 and earlier)

All UniFi Switches (Version 6.5.32 and earlier) 

USW Flex Mini excluded.

Mitigation:

Update UniFi Access Points to Version 6.5.62 or later.

Update UniFi Switches to Version 6.5.59 or later.


Impact:

CVSS v3.0 Severity and Metrics:

Base Score: 8.3 High

Vector: CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

CVE: CVE-2023-38034 (reported by Mathew Marcus)


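The affected and fixed versions above are the whole of what an operator needs to triage an inventory, but doing it by hand is where mistakes happen: firmware strings compared as text put "6.5.9" after "6.5.62", the Flex Mini exclusion gets forgotten, and the SNMP Monitoring precondition on the first CVE is easy to conflate with "not affected". The script below is an added example, not Ubiquiti's code and not the UniFi controller API; the device records and model strings are constructed sample data, and only the version thresholds, the Flex Mini exclusion and the SNMP precondition come from the advisory. Builds that sit above the version the advisory lists as affected but below the fix are reported as needing the update, since the bulletin says nothing about them.

```python
"""Triage a UniFi device inventory against the two CVEs in Security Advisory Bulletin 035.

Added example, not Ubiquiti's code or the UniFi controller API. Device records below are
constructed sample data; thresholds, exclusion and precondition are from the advisory.
"""
from __future__ import annotations

from dataclasses import dataclass

# Per CVE and product class: (last version the advisory lists as affected, first fixed version).
ADVISORY = {
    "CVE-2023-35085": {"ap": ("6.5.50", "6.5.62"), "switch": ("6.5.32", "6.5.59")},
    "CVE-2023-38034": {"ap": ("6.5.53", "6.5.62"), "switch": ("6.5.32", "6.5.59")},
}
# The advisory excludes the Switch Flex Mini from both CVEs. Model string is an assumption.
EXCLUDED_MODELS = {"USW-Flex-Mini"}
# Only CVE-2023-35085 is described as requiring SNMP Monitoring to be enabled.
SNMP_GATED = {"CVE-2023-35085"}


def parse_version(v: str) -> tuple[int, ...]:
    """'6.5.62' -> (6, 5, 62). Compare as integers: as strings '6.5.9' > '6.5.62',
    which would wrongly mark an old build as patched."""
    return tuple(int(part) for part in v.strip().split("."))


@dataclass
class Device:
    name: str
    model: str        # assumed model strings, e.g. "U6-LR", "USW-24-PoE", "USW-Flex-Mini"
    kind: str         # "ap" or "switch"
    firmware: str     # firmware version as shown in the controller, e.g. "6.5.50"
    snmp_enabled: bool


def status(dev: Device, cve: str) -> str:
    """Classify one device against one CVE from the bulletin:
      'excluded' - model the advisory excludes
      'fixed'    - firmware at or above the fixed version
      'affected' - firmware at or below the version the advisory lists as affected
      'update'   - above the listed affected version but below the fix; the advisory
                   says nothing about these builds, so treat them as needing the update
      'gated'    - below the fix, but the SNMP Monitoring precondition is not met;
                   still schedule the update, the exposure is just not reachable today
    """
    if dev.model in EXCLUDED_MODELS:
        return "excluded"
    last_affected, fixed = ADVISORY[cve][dev.kind]
    fw = parse_version(dev.firmware)
    if fw >= parse_version(fixed):
        return "fixed"
    if cve in SNMP_GATED and not dev.snmp_enabled:
        return "gated"
    return "affected" if fw <= parse_version(last_affected) else "update"


def triage(inventory: list[Device]) -> dict[str, dict[str, str]]:
    """Return {device name: {CVE: status}} for every CVE in the bulletin."""
    return {dev.name: {cve: status(dev, cve) for cve in ADVISORY} for dev in inventory}


# Constructed sample inventory (not real devices).
SAMPLE_INVENTORY = [
    Device("ap-lobby",  "U6-LR",         "ap",     "6.5.50", snmp_enabled=True),
    Device("ap-office", "U6-Pro",        "ap",     "6.5.53", snmp_enabled=False),
    Device("ap-lab",    "U6-LR",         "ap",     "6.5.62", snmp_enabled=True),
    Device("sw-core",   "USW-24-PoE",    "switch", "6.5.32", snmp_enabled=True),
    Device("sw-desk",   "USW-Flex-Mini", "switch", "6.5.32", snmp_enabled=True),
]

if __name__ == "__main__":
    for name, result in triage(SAMPLE_INVENTORY).items():
        print(f"{name:10s} " + "  ".join(f"{cve}: {st}" for cve, st in result.items()))
```

Feed it the firmware and SNMP columns exported from the controller and anything other than 'fixed' or 'excluded' goes on the upgrade list; 'gated' devices are not exposed to CVE-2023-35085 right now but are still below the fix for CVE-2023-38034, which needs no SNMP precondition.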
Reference Links:

https://community.ui.com/releases/UniFi-Access-Point-6-5-64/d8a0725c-a12b-44b2-bce3-e540602ecb81

https://community.ui.com/releases/UniFi-Access-Point-6-5-62/5f88c727-f812-4be7-9560-5f5d22a824d8

https://community.ui.com/releases/UniFi-Switch-6-5-59/124a0554-6d46-4c51-baba-efb99e330099


Read more via UniFi community forum: https://community.ui.com/releases/Security-Advisory-Bulletin-035-035/91107858-9884-44df-b1c6-63c6499f6e56