CVE-2023-38034: A command injection vulnerability in the DHCP Client function of all UniFi Access Points and Switches, excluding the Switch Flex Mini, could allow...

8.3 CVSS

Description

A command injection vulnerability in the DHCP Client function of all UniFi Access Points and Switches, excluding the Switch Flex Mini, could allow a Remote Code Execution (RCE).


Affected Products:
All UniFi Access Points (Version 6.5.53 and earlier)
All UniFi Switches (Version 6.5.32 and earlier)
-USW Flex Mini excluded.

Mitigation:
Update UniFi Access Points to Version 6.5.62 or later.
Update UniFi Switches to Version 6.5.59 or later.

Classification

CVE ID: CVE-2023-38034

CVSS Base Severity: HIGH

CVSS Base Score: 8.3

Affected Products

Vendor: Ubiquiti Inc

Product: UniFi Access Points

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.25% (probability of being exploited)

EPSS Percentile: 64.24% (share of scored vulnerabilities with an EPSS score less than or equal to this one)

EPSS Date: 2025-02-03 (date this score was calculated)

References

https://community.ui.com/releases/Security-Advisory-Bulletin-035-035/91107858-9884-44df-b1c6-63c6499f6e56
