CVE-2023-38034

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Aug 10, 2023

Updated: Aug 17, 2023

CWE ID 77

Summary

CVE-2023-38034 is a command injection vulnerability that poses a Remote Code Execution (RCE) risk in the DHCP Client function of all UniFi Access Points and Switches, except for the Switch Flex Mini (USW Flex Mini). This issue can potentially impact UniFi Access Points running Version 6.5.53 and earlier, and Switches running Version 6.5.32 and earlier. To mitigate the risk, UniFi Access Point users must update their devices to Version 6.5.62 or later, whereas UniFi Switch users should update to Version 6.5.59 or later.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/r9fnXm
https://www.cve.org/CVERecord?id=CVE-2023-38034
https://nvd.nist.gov/vuln/detail/CVE-2023-38034

Back to Vulnerability Database

CVE-2023-38034

CVSS 3.1 Score 9.8 of 10 (high)

Details

Summary

Affected Vendors

Advisories, Assessments, and Mitigations