PT-2023-25136 · Ubiquiti · Unifi Switches+1

Published

2023-08-10

Updated

2023-08-17

CVE-2023-35085

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions UniFi Access Points versions 6.5.50 and earlier UniFi Switches versions 6.5.32 and earlier

Description An integer overflow vulnerability in UniFi Access Points and Switches, excluding the Switch Flex Mini, with SNMP Monitoring and default settings enabled could allow a Remote Code Execution (RCE).

Recommendations Update UniFi Access Points to Version 6.5.62 or later. Update UniFi Switches to Version 6.5.59 or later.

Fix

Integer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-190

Related Identifiers

CVE-2023-35085

Affected Products

Unifi Access Points

Unifi Switches

PT-2023-25136 · Ubiquiti · Unifi Switches+1

CVE-2023-35085

Weakness Enumeration

Related Identifiers

Affected Products

References · 5