CVE-2023-38034 HIGH

CVE-2023-38034

Vendor Ubiquiti Inc
Product UniFi Access Points
Published August 10, 2023
Last update December 4, 2024

CVSS base score

8.3/10
Attack vector Adjacent
Attack complexity High
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

What the vulnerability does

01Description

A command injection vulnerability in the DHCP Client function of all UniFi Access Points and Switches, excluding the Switch Flex Mini, could allow a Remote Code Execution (RCE). Affected Products: All UniFi Access Points (Version 6.5.53 and earlier) All UniFi Switches (Version 6.5.32 and earlier) -USW Flex Mini excluded. Mitigation: Update UniFi Access Points to Version 6.5.62 or later. Update UniFi Switches to Version 6.5.59 or later.

Key dates

02Disclosure timeline

August 10, 2023 CVE published
December 4, 2024 Record updated