CVE-2023-35085 : An integer overflow vulnerability in all UniFi Access Points and Switches, exclu

An integer overflow vulnerability in all UniFi Access Points and Switches, excluding the Switch Flex Mini, with SNMP Monitoring and default settings enabled could allow a Remote Code Execution (RCE). Affected Products: All UniFi Access Points (Version 6.5.50 and earlier) All UniFi Switches (Version 6.5.32 and earlier) -USW Flex Mini excluded. Mitigation: Update UniFi Access Points to Version 6.5.62 or later. Update the UniFi Switches to Version 6.5.59 or later.

Published 2023-08-10 19:15:10

Updated 2023-08-17 14:42:14

Source HackerOne

View at NVD, CVE.org

Vulnerability category: OverflowExecute code

Products affected by CVE-2023-35085

UI » Unifi Switch Firmware
Versions up to, including, (<=) 6.5.32
cpe:2.3:o:ui:unifi_switch_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: UI » Us-16-150w » Version: N/A
When used together with: UI » Us-24-250w » Version: N/A
When used together with: UI » Us-48-500w » Version: N/A
When used together with: UI » Us-8-150w » Version: N/A
When used together with: UI » Us-8-60w » Version: N/A
When used together with: UI » Us-xg-6poe » Version: N/A
When used together with: UI » Usw-16-poe » Version: N/A
When used together with: UI » Usw-24 » Version: N/A
When used together with: UI » Usw-24-poe » Version: N/A
When used together with: UI » Usw-48 » Version: N/A
When used together with: UI » Usw-48-poe » Version: N/A
When used together with: UI » Usw-aggregation » Version: N/A
When used together with: UI » Usw-enterprise-24-poe » Version: N/A
When used together with: UI » Usw-enterprise-48-poe » Version: N/A
When used together with: UI » Usw-enterprise-8-poe » Version: N/A
When used together with: UI » Usw-enterprisexg-24 » Version: N/A
When used together with: UI » Usw-flex » Version: N/A
When used together with: UI » Usw-flex-xg » Version: N/A
When used together with: UI » Usw-industrial » Version: N/A
When used together with: UI » Usw-lite-16-poe » Version: N/A
When used together with: UI » Usw-lite-8-poe » Version: N/A
When used together with: UI » Usw-mission-critical » Version: N/A
When used together with: UI » Usw-pro-24 » Version: N/A
When used together with: UI » Usw-pro-24-poe » Version: N/A
When used together with: UI » Usw-pro-48 » Version: N/A
When used together with: UI » Usw-pro-48-poe » Version: N/A
When used together with: UI » Usw-pro-aggregation » Version: N/A
UI » Unifi Uap Firmware
Versions up to, including, (<=) 6.5.50
cpe:2.3:o:ui:unifi_uap_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: UI » U6+ » Version: N/A
When used together with: UI » U6-enterprise » Version: N/A
When used together with: UI » U6-enterprise-iw » Version: N/A
When used together with: UI » U6-extender » Version: N/A
When used together with: UI » U6-iw » Version: N/A
When used together with: UI » U6-lite » Version: N/A
When used together with: UI » U6-lr » Version: N/A
When used together with: UI » U6-mesh » Version: N/A
When used together with: UI » U6-pro » Version: N/A
When used together with: UI » Uap-ac-iw » Version: N/A
When used together with: UI » Uap-ac-lite » Version: N/A
When used together with: UI » Uap-ac-lr » Version: N/A
When used together with: UI » Uap-ac-m » Version: N/A
When used together with: UI » Uap-ac-m-pro » Version: N/A
When used together with: UI » Uap-ac-pro » Version: N/A
When used together with: UI » UBB » Version: N/A
When used together with: UI » Ubb-xg » Version: N/A
When used together with: UI » Uwb-xg » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2023-35085

EPSS FAQ

2.86%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 85 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2023-35085

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
9.0	CRITICAL	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H	2.2	6.0	HackerOne
Attack Vector: Network Attack Complexity: High Privileges Required: None User Interaction: None Scope: Changed Confidentiality: High Integrity: High Availability: High
9.8	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	3.9	5.9	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2023-35085

CWE-190 Integer Overflow or Wraparound

The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2023-35085

https://community.ui.com/releases/Security-Advisory-Bulletin-035-035/91107858-9884-44df-b1c6-63c6499f6e56

Security Advisory Bulletin 035 | Ubiquiti Community
Issue Tracking;Vendor Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2023-35085

Products affected by CVE-2023-35085

Exploit prediction scoring system (EPSS) score for CVE-2023-35085

CVSS scores for CVE-2023-35085

CWE ids for CVE-2023-35085

References for CVE-2023-35085