Vulnerability Description
A command injection vulnerability in the DHCP Client function of all UniFi Access Points and Switches, excluding the Switch Flex Mini, could allow a Remote Code Execution (RCE). Affected Products: All UniFi Access Points (Version 6.5.53 and earlier) All UniFi Switches (Version 6.5.32 and earlier) -USW Flex Mini excluded. Mitigation: Update UniFi Access Points to Version 6.5.62 or later. Update UniFi Switches to Version 6.5.59 or later.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ui | Unifi Uap Firmware | <= 6.5.53 |
| Ui | U6\+ | - |
| Ui | U6-Enterprise | - |
| Ui | U6-Enterprise-Iw | - |
| Ui | U6-Extender | - |
| Ui | U6-Iw | - |
| Ui | U6-Lite | - |
| Ui | U6-Lr | - |
| Ui | U6-Mesh | - |
| Ui | U6-Pro | - |
| Ui | Uap-Ac-Iw | - |
| Ui | Uap-Ac-Lite | - |
| Ui | Uap-Ac-Lr | - |
| Ui | Uap-Ac-M | - |
| Ui | Uap-Ac-M-Pro | - |
| Ui | Uap-Ac-Pro | - |
| Ui | Ubb | - |
| Ui | Ubb-Xg | - |
| Ui | Uwb-Xg | - |
| Ui | Unifi Switch Firmware | <= 6.5.32 |
Related Weaknesses (CWE)
References
- https://community.ui.com/releases/Security-Advisory-Bulletin-035-035/91107858-98Issue TrackingVendor Advisory
- https://community.ui.com/releases/Security-Advisory-Bulletin-035-035/91107858-98Issue TrackingVendor Advisory
FAQ
What is CVE-2023-38034?
CVE-2023-38034 is a vulnerability with a CVSS score of 9.8 (CRITICAL). A command injection vulnerability in the DHCP Client function of all UniFi Access Points and Switches, excluding the Switch Flex Mini, could allow a Remote Code Execution (RCE). Affected Products: ...
How severe is CVE-2023-38034?
CVE-2023-38034 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2023-38034?
Check the references section above for vendor advisories and patch information. Affected products include: Ui Unifi Uap Firmware, Ui U6\+, Ui U6-Enterprise, Ui U6-Enterprise-Iw, Ui U6-Extender.