CVE-2023-35085: An integer overflow vulnerability in all UniFi Access Points and Switches, excluding the Switch Flex Mini, with SNMP Monitoring and default...

9.0 CVSS

Description

An integer overflow vulnerability in all UniFi Access Points and Switches, excluding the Switch Flex Mini, with SNMP Monitoring and default settings enabled could allow a Remote Code Execution (RCE).

Affected Products:
All UniFi Access Points (Version 6.5.50 and earlier)
All UniFi Switches (Version 6.5.32 and earlier)
- USW Flex Mini excluded.

Mitigation:
Update UniFi Access Points to Version 6.5.62 or later.
Update the UniFi Switches to Version 6.5.59 or later.

Classification

CVE ID: CVE-2023-35085

CVSS Base Severity: CRITICAL

CVSS Base Score: 9.0

Affected Products

Vendor: Ubiquiti Inc

Product: UniFi Access Points

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.3% (probability of being exploited)

EPSS Percentile: 69.58% (share of scored vulnerabilities with an EPSS score less than or equal to this one)

EPSS Date: 2025-02-03 (date this score was calculated)

References

https://community.ui.com/releases/Security-Advisory-Bulletin-035-035/91107858-9884-44df-b1c6-63c6499f6e56

Timeline