CVE-2023-38034: Command Injection
First published: Thu Aug 10 2023(Updated: )
A command injection vulnerability in the DHCP Client function of all UniFi Access Points and Switches, excluding the Switch Flex Mini, could allow a Remote Code Execution (RCE). Affected Products: All UniFi Access Points (Version 6.5.53 and earlier) All UniFi Switches (Version 6.5.32 and earlier) -USW Flex Mini excluded. Mitigation: Update UniFi Access Points to Version 6.5.62 or later. Update UniFi Switches to Version 6.5.59 or later.
Credit: support@hackerone.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Ui Unifi UAP Firmware | <=6.5.53 | |
| Ui U6+ | ||
| Ui U6 Enterprise IW | ||
| Ui U6 Enterprise IW | ||
| Ui U6 | ||
| Ui U6-series | ||
| Ubiquiti UniFi 6 Lite (U6-Lite) | ||
| Ubiquiti U6-LR | ||
| Ui U6 | ||
| Ubiquiti U6-series | ||
| Ubiquiti UniFi UAP-AC-IW | ||
| Ui Unifi UAP Firmware | ||
| Ubiquiti UniFi UAP-AC-LR | ||
| Ubiquiti UniFi UAP-AC-M-P | ||
| Ubiquiti UniFi UAP-AC-M-P | ||
| Ui Unifi UAP Firmware | ||
| Ui Ubb-xg | ||
| Ui Ubb-xg | ||
| Ui Uwb-xg | ||
| Ui Unifi Switch Firmware | <=6.5.32 | |
| Ubiquiti Networks US-16-150W | ||
| Ui Us-24-250w | ||
| Ubiquiti Networks UISP US-48-500W | ||
| Ubiquiti Networks US-8-150W | ||
| Ubiquiti US-8-60W | ||
| Ui Us-xg-6poe | ||
| Ubiquiti UniFi Switch Lite 16 POE | ||
| UI USW-24-POE | ||
| Ubiquiti UniFi Switch USW-24-POE | ||
| Ubiquiti UniFi Switch USW-48 | ||
| Ui Usw Enterprise 48 Poe | ||
| Ui Usw-aggregation | ||
| Ui Usw-enterprise | ||
| Ui Usw Enterprise 48 Poe | ||
| Ui Usw-enterprise-8-poe | ||
| Ui Usw-enterprise | ||
| USW-Flex | ||
| Ubiquiti USW-Flex-XG | ||
| Ui Usw-industrial | ||
| Ubiquiti UniFi Switch Lite 16 POE | ||
| UniFi USW-LITE-8-POE | ||
| Ui Usw-mission-critical | ||
| Ubiquiti UniFi Switch Pro 24 POE | ||
| Ubiquiti UniFi Switch Pro 24 POE | ||
| Ubiquiti UniFi Switch USW-Pro-48 | ||
| Ubiquiti UniFi Switch USW-Pro-48-POE | ||
| Ui Usw-pro-aggregation |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID?
The vulnerability ID is CVE-2023-38034.
What is the severity of CVE-2023-38034?
The severity of CVE-2023-38034 is critical with a severity value of 9.8.
Which products are affected by CVE-2023-38034?
All UniFi Access Points (Version 6.5.53 and earlier) and all UniFi Switches (Version 6.5.32 and earlier) are affected by CVE-2023-38034, excluding the Switch Flex Mini.
How does CVE-2023-38034 impact the affected products?
CVE-2023-38034 is a command injection vulnerability in the DHCP Client function of the affected UniFi Access Points and Switches, which could allow remote code execution (RCE).
Is there a fix available for CVE-2023-38034?
Yes, a fix for CVE-2023-38034 is available. Please refer to the reference link for more information.
- agent/type
- agent/references
- agent/severity
- agent/event
- agent/description
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/weakness
- agent/author
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-api
- vendor/ui
- canonical/ui unifi uap firmware
- version/ui unifi uap firmware/6.5.53
- canonical/ui u6+
- canonical/ui u6 enterprise iw
- canonical/ui u6
- canonical/ui u6-series
- canonical/ubiquiti unifi 6 lite (u6-lite)
- canonical/ubiquiti u6-lr
- canonical/ubiquiti u6-series
- canonical/ubiquiti unifi uap-ac-iw
- canonical/ubiquiti unifi uap-ac-lr
- canonical/ubiquiti unifi uap-ac-m-p
- canonical/ui ubb-xg
- canonical/ui uwb-xg
- canonical/ui unifi switch firmware
- version/ui unifi switch firmware/6.5.32
- canonical/ubiquiti networks us-16-150w
- canonical/ui us-24-250w
- canonical/ubiquiti networks uisp us-48-500w
- canonical/ubiquiti networks us-8-150w
- canonical/ubiquiti us-8-60w
- canonical/ui us-xg-6poe
- canonical/ubiquiti unifi switch lite 16 poe
- canonical/ui usw-24-poe
- canonical/ubiquiti unifi switch usw-24-poe
- canonical/ubiquiti unifi switch usw-48
- canonical/ui usw enterprise 48 poe
- canonical/ui usw-aggregation
- canonical/ui usw-enterprise
- canonical/ui usw-enterprise-8-poe
- canonical/usw-flex
- canonical/ubiquiti usw-flex-xg
- canonical/ui usw-industrial
- canonical/unifi usw-lite-8-poe
- canonical/ui usw-mission-critical
- canonical/ubiquiti unifi switch pro 24 poe
- canonical/ubiquiti unifi switch usw-pro-48
- canonical/ubiquiti unifi switch usw-pro-48-poe
- canonical/ui usw-pro-aggregation