CVE-2023-35085 - OpenCVE

An integer overflow vulnerability in all UniFi Access Points and Switches, excluding the Switch Flex Mini, with SNMP Monitoring and default settings enabled could allow a Remote Code Execution (RCE). Affected Products: All UniFi Access Points (Version 6.5.50 and earlier) All UniFi Switches (Version 6.5.32 and earlier) -USW Flex Mini excluded. Mitigation: Update UniFi Access Points to Version 6.5.62 or later. Update the UniFi Switches to Version 6.5.59 or later.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Ui	Uap-ac-m-pro Usw-enterprisexg-24 U6-mesh U6-lr Uap-ac-iw Usw-mission-critical Usw-24 Ubb U6-enterprise U6-enterprise-iw Usw-24-poe Unifi Switch Firmware Usw-flex-xg Usw-aggregation Uap-ac-lr Usw-flex Uap-ac-pro Usw-pro-48 Usw-pro-24-poe Uap-ac-m Usw-enterprise-48-poe Usw-pro-24 Us-8-150w U6-lite U6-extender Us-16-150w Ubb-xg Us-48-500w Usw-48-poe U6-pro Uap-ac-lite Usw-pro-aggregation U6\+ Us-xg-6poe Usw-lite-16-poe Usw-lite-8-poe Us-8-60w Usw-16-poe U6-iw Usw-pro-48-poe Usw-48 Usw-industrial Us-24-250w Usw-enterprise-8-poe Usw-enterprise-24-poe Uwb-xg Unifi Uap Firmware

Configuration 1 [-]

AND

cpe:2.3:o:ui:unifi_uap_firmware:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:ui:u6\+:-:::::::*
	cpe:2.3:h:ui:u6-enterprise:-:::::::*
	cpe:2.3:h:ui:u6-enterprise-iw:-:::::::*
	cpe:2.3:h:ui:u6-extender:-:::::::*
	cpe:2.3:h:ui:u6-iw:-:::::::*
	cpe:2.3:h:ui:u6-lite:-:::::::*
	cpe:2.3:h:ui:u6-lr:-:::::::*
	cpe:2.3:h:ui:u6-mesh:-:::::::*
	cpe:2.3:h:ui:u6-pro:-:::::::*
	cpe:2.3:h:ui:uap-ac-iw:-:::::::*
	cpe:2.3:h:ui:uap-ac-lite:-:::::::*
	cpe:2.3:h:ui:uap-ac-lr:-:::::::*
	cpe:2.3:h:ui:uap-ac-m:-:::::::*
	cpe:2.3:h:ui:uap-ac-m-pro:-:::::::*
	cpe:2.3:h:ui:uap-ac-pro:-:::::::*
	cpe:2.3:h:ui:ubb:-:::::::*
	cpe:2.3:h:ui:ubb-xg:-:::::::*
	cpe:2.3:h:ui:uwb-xg:-:::::::*

Configuration 2 [-]

AND

cpe:2.3:o:ui:unifi_switch_firmware:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:ui:us-16-150w:-:::::::*
	cpe:2.3:h:ui:us-24-250w:-:::::::*
	cpe:2.3:h:ui:us-48-500w:-:::::::*
	cpe:2.3:h:ui:us-8-150w:-:::::::*
	cpe:2.3:h:ui:us-8-60w:-:::::::*
	cpe:2.3:h:ui:us-xg-6poe:-:::::::*
	cpe:2.3:h:ui:usw-16-poe:-:::::::*
	cpe:2.3:h:ui:usw-24:-:::::::*
	cpe:2.3:h:ui:usw-24-poe:-:::::::*
	cpe:2.3:h:ui:usw-48:-:::::::*
	cpe:2.3:h:ui:usw-48-poe:-:::::::*
	cpe:2.3:h:ui:usw-aggregation:-:::::::*
	cpe:2.3:h:ui:usw-enterprise-24-poe:-:::::::*
	cpe:2.3:h:ui:usw-enterprise-48-poe:-:::::::*
	cpe:2.3:h:ui:usw-enterprise-8-poe:-:::::::*
	cpe:2.3:h:ui:usw-enterprisexg-24:-:::::::*
	cpe:2.3:h:ui:usw-flex:-:::::::*
	cpe:2.3:h:ui:usw-flex-xg:-:::::::*
	cpe:2.3:h:ui:usw-industrial:-:::::::*
	cpe:2.3:h:ui:usw-lite-16-poe:-:::::::*
	cpe:2.3:h:ui:usw-lite-8-poe:-:::::::*
	cpe:2.3:h:ui:usw-mission-critical:-:::::::*
	cpe:2.3:h:ui:usw-pro-24:-:::::::*
	cpe:2.3:h:ui:usw-pro-24-poe:-:::::::*
	cpe:2.3:h:ui:usw-pro-48:-:::::::*
	cpe:2.3:h:ui:usw-pro-48-poe:-:::::::*
	cpe:2.3:h:ui:usw-pro-aggregation:-:::::::*