PT-2023-26258 · Ubiquiti · Unifi Switches+1

Published

2023-08-10

Updated

2023-08-17

CVE-2023-38034

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions UniFi Access Points versions 6.5.53 and earlier UniFi Switches versions 6.5.32 and earlier

Description A command injection vulnerability in the DHCP Client function of UniFi Access Points and Switches could allow a Remote Code Execution (RCE). The Switch Flex Mini is excluded from the list of affected products.

Recommendations Update UniFi Access Points to Version 6.5.62 or later. Update UniFi Switches to Version 6.5.59 or later.

Fix

Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-77

Related Identifiers

CVE-2023-38034

Affected Products

Unifi Access Points

Unifi Switches

PT-2023-26258 · Ubiquiti · Unifi Switches+1

CVE-2023-38034

Weakness Enumeration

Related Identifiers

Affected Products

References · 5