Vulnerability Description
The use of the cyclic redundancy check (CRC) algorithm for integrity check during firmware update makes Ubiquiti airFiber AF2X Radio firmware version 3.2.2 and earlier vulnerable to firmware modification attacks. An attacker can conduct a man-in-the-middle (MITM) attack to modify the new firmware image and bypass the checksum verification.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ui | Af-2X Firmware | < 3.2.2 |
| Ui | Af-2X | - |
Related Weaknesses (CWE)
References
- https://community.ui.com/tags/security/releasesVendor Advisory
- https://hackmd.io/%40slASVrz_SrW7NQCsunofeA/SkYce4f5oExploitThird Party Advisory
- https://community.ui.com/tags/security/releasesVendor Advisory
- https://hackmd.io/%40slASVrz_SrW7NQCsunofeA/SkYce4f5oExploitThird Party Advisory
FAQ
What is CVE-2023-23119?
CVE-2023-23119 is a vulnerability with a CVSS score of 5.9 (MEDIUM). The use of the cyclic redundancy check (CRC) algorithm for integrity check during firmware update makes Ubiquiti airFiber AF2X Radio firmware version 3.2.2 and earlier vulnerable to firmware modificat...
How severe is CVE-2023-23119?
CVE-2023-23119 has been rated MEDIUM with a CVSS base score of 5.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-23119?
Check the references section above for vendor advisories and patch information. Affected products include: Ui Af-2X Firmware, Ui Af-2X.