CVE-2023-38034

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Aug 10, 2023
Updated: Aug 17, 2023
CWE ID 77

Summary

CVE-2023-38034 is a command injection vulnerability that poses a Remote Code Execution (RCE) risk in the DHCP Client function of all UniFi Access Points and Switches, except for the Switch Flex Mini (USW Flex Mini). This issue can potentially impact UniFi Access Points running Version 6.5.53 and earlier, and Switches running Version 6.5.32 and earlier. To mitigate the risk, UniFi Access Point users must update their devices to Version 6.5.62 or later, whereas UniFi Switch users should update to Version 6.5.59 or later.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share