CVE-2023-23119
First published: Thu Feb 02 2023(Updated: )
The use of the cyclic redundancy check (CRC) algorithm for integrity check during firmware update makes Ubiquiti airFiber AF2X Radio firmware version 3.2.2 and earlier vulnerable to firmware modification attacks. An attacker can conduct a man-in-the-middle (MITM) attack to modify the new firmware image and bypass the checksum verification.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Ui Af-2x Firmware | <3.2.2 | |
| Ui Af-2x |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2023-23119?
CVE-2023-23119 is a vulnerability in the Ubiquiti airFiber AF2X Radio firmware version 3.2.2 and earlier that makes it vulnerable to firmware modification attacks due to the use of the cyclic redundancy check (CRC) algorithm for integrity check during firmware update.
How does CVE-2023-23119 affect Ubiquiti airFiber AF2X Radio firmware?
CVE-2023-23119 allows an attacker to conduct a man-in-the-middle (MITM) attack to modify the new firmware image during the firmware update process.
What is the severity of CVE-2023-23119?
CVE-2023-23119 has a severity rating of 5.9, which is considered medium.
How can I mitigate CVE-2023-23119?
To mitigate CVE-2023-23119, update your Ubiquiti airFiber AF2X Radio firmware to version 3.2.3 or later that fixes this vulnerability.
Is Ubiquiti airFiber AF2X Radio vulnerable to CVE-2023-23119?
Yes, Ubiquiti airFiber AF2X Radio firmware versions 3.2.2 and earlier are vulnerable to CVE-2023-23119.
- collector/nvd-index
- agent/severity
- agent/weakness
- agent/references
- agent/author
- agent/type
- agent/event
- agent/description
- agent/last-modified-date
- agent/tags
- agent/first-publish-date
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- vendor/ui
- canonical/ui af-2x firmware
- canonical/ui af-2x