9.8
CVE-2023-35085
- EPSS 5.4%
- Published 10.08.2023 19:15:09
- Last modified 21.11.2024 08:07:56
- Source support@hackerone.com
An integer overflow vulnerability in all UniFi Access Points and Switches, excluding the Switch Flex Mini, with SNMP Monitoring and default settings enabled could allow a Remote Code Execution (RCE). Affected Products: All UniFi Access Points (Version 6.5.50 and earlier); All UniFi Switches (Version 6.5.32 and earlier), USW Flex Mini excluded. Mitigation: Update UniFi Access Points to Version 6.5.62 or later. Update the UniFi Switches to Version 6.5.59 or later.
Data provided by the National Vulnerability Database (NVD)
Ui ≫ Unifi Uap Firmware Version <= 6.5.50
Ui ≫ U6+ Version-
Ui ≫ U6-enterprise Version-
Ui ≫ U6-enterprise-iw Version-
Ui ≫ U6-extender Version-
Ui ≫ U6-iw Version-
Ui ≫ U6-lite Version-
Ui ≫ U6-lr Version-
Ui ≫ U6-mesh Version-
Ui ≫ U6-pro Version-
Ui ≫ Uap-ac-iw Version-
Ui ≫ Uap-ac-lite Version-
Ui ≫ Uap-ac-lr Version-
Ui ≫ Uap-ac-m Version-
Ui ≫ Uap-ac-m-pro Version-
Ui ≫ Uap-ac-pro Version-
Ui ≫ Ubb Version-
Ui ≫ Ubb-xg Version-
Ui ≫ Uwb-xg Version-
Ui ≫ Unifi Switch Firmware Version <= 6.5.32
Ui ≫ Us-16-150w Version-
Ui ≫ Us-24-250w Version-
Ui ≫ Us-48-500w Version-
Ui ≫ Us-8-150w Version-
Ui ≫ Us-8-60w Version-
Ui ≫ Us-xg-6poe Version-
Ui ≫ Usw-16-poe Version-
Ui ≫ Usw-24 Version-
Ui ≫ Usw-24-poe Version-
Ui ≫ Usw-48 Version-
Ui ≫ Usw-48-poe Version-
Ui ≫ Usw-aggregation Version-
Ui ≫ Usw-enterprise-24-poe Version-
Ui ≫ Usw-enterprise-48-poe Version-
Ui ≫ Usw-enterprise-8-poe Version-
Ui ≫ Usw-enterprisexg-24 Version-
Ui ≫ Usw-flex Version-
Ui ≫ Usw-flex-xg Version-
Ui ≫ Usw-industrial Version-
Ui ≫ Usw-lite-16-poe Version-
Ui ≫ Usw-lite-8-poe Version-
Ui ≫ Usw-mission-critical Version-
Ui ≫ Usw-pro-24 Version-
Ui ≫ Usw-pro-24-poe Version-
Ui ≫ Usw-pro-48 Version-
Ui ≫ Usw-pro-48-poe Version-
Ui ≫ Usw-pro-aggregation Version-
No CISA KEV or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 5.4% | 0.897 |
Source | Base Score | Exploit Score | Impact Score | Vector String |
---|---|---|---|---|
nvd@nist.gov | 9.8 | 3.9 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
support@hackerone.com | 9 | 2.2 | 6 | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H |
CWE-190 Integer Overflow or Wraparound
The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.