csaf_certbund - wid-sec-w-2023-2094

WID-SEC-W-2023-2094

Vulnerability from csaf_certbund - Published: 2023-08-17 22:00 - Updated: 2023-08-17 22:00

Summary

Ubiquiti UniFi Access Points und Switches: Mehrere Schwachstellen ermöglichen Codeausführung

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

UniFi ist Ubiquiti's End-to-End-Netzwerk-Ökosystem für Unternehmen und Smart Homes.

Angriff

Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Ubiquiti UniFi Access Points und Switches ausnutzen, um beliebigen Programmcode auszuführen.

Betroffene Betriebssysteme

- BIOS/Firmware - Hardware Appliance

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "UniFi ist Ubiquiti\u0027s End-to-End-Netzwerk-\u00d6kosystem f\u00fcr Unternehmen und Smart Homes.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Ubiquiti UniFi Access Points und Switches ausnutzen, um beliebigen Programmcode auszuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- BIOS/Firmware\n- Hardware Appliance",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2023-2094 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2094.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2023-2094 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2094"
      },
      {
        "category": "external",
        "summary": "Ubiquiti Security Advisory  vom 2023-08-09",
        "url": "https://community.ui.com/releases/Security-Advisory-Bulletin-035-035/91107858-9884-44df-b1c6-63c6499f6e56"
      }
    ],
    "source_lang": "en-US",
    "title": "Ubiquiti UniFi Access Points und Switches: Mehrere Schwachstellen erm\u00f6glichen Codeausf\u00fchrung",
    "tracking": {
      "current_release_date": "2023-08-17T22:00:00.000+00:00",
      "generator": {
        "date": "2024-08-15T17:57:14.046+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.5"
        }
      },
      "id": "WID-SEC-W-2023-2094",
      "initial_release_date": "2023-08-17T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2023-08-17T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Ubiquiti UniFi Access Point \u003c 6.5.62",
                "product": {
                  "name": "Ubiquiti UniFi Access Point \u003c 6.5.62",
                  "product_id": "T029407",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ubnt:unifi:access_points_6.5.62"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Ubiquiti UniFi Switch \u003c 6.5.59",
                "product": {
                  "name": "Ubiquiti UniFi Switch \u003c 6.5.59",
                  "product_id": "T029408",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ubnt:unifi:switch_6.5.59"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "UniFi"
          }
        ],
        "category": "vendor",
        "name": "Ubiquiti"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-38034",
      "notes": [
        {
          "category": "description",
          "text": "In verschiedenen Ubiquiti UniFi Access Points und Switches besteht in der DHCP-Client-Funktion eine Command-Injection-Schwachstelle. Ein anonymer Angreifer aus dem angrenzenden Netzwerk kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuf\u00fchren."
        }
      ],
      "release_date": "2023-08-17T22:00:00.000+00:00",
      "title": "CVE-2023-38034"
    },
    {
      "cve": "CVE-2023-35085",
      "notes": [
        {
          "category": "description",
          "text": "Es existiert eine Schwachstelle in verschiedenen Ubiquiti UniFi Access Points und Switches aufgrund eines Integer Overflow Fehlers. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuf\u00fchren."
        }
      ],
      "release_date": "2023-08-17T22:00:00.000+00:00",
      "title": "CVE-2023-35085"
    }
  ]
}

CVE-2023-38034 (GCVE-0-2023-38034)

Vulnerability from cvelistv5 – Published: 2023-08-10 18:58 – Updated: 2024-12-04 16:30

Summary

A command injection vulnerability in the DHCP Client function of all UniFi Access Points and Switches, excluding the Switch Flex Mini, could allow a Remote Code Execution (RCE). Affected Products: All UniFi Access Points (Version 6.5.53 and earlier) All UniFi Switches (Version 6.5.32 and earlier) -USW Flex Mini excluded. Mitigation: Update UniFi Access Points to Version 6.5.62 or later. Update UniFi Switches to Version 6.5.59 or later.

Severity ?

8.3 (High)


                        
                          CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Assigner

hackerone

References

URL

Tags

https://community.ui.com/releases/Security-Adviso…

Impacted products

Vendor

Product

Version

Ubiquiti Inc

UniFi Access Points

Affected: 6.5.53 , ≤ 6.5.53 (semver)

Ubiquiti Inc

UniFi Switches

Affected: 6.5.32 , ≤ 6.5.32 (semver)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T17:30:12.339Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://community.ui.com/releases/Security-Advisory-Bulletin-035-035/91107858-9884-44df-b1c6-63c6499f6e56"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-38034",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-09T19:39:04.848268Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-04T16:30:27.937Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "UniFi Access Points",
          "vendor": "Ubiquiti Inc",
          "versions": [
            {
              "lessThanOrEqual": "6.5.53",
              "status": "affected",
              "version": "6.5.53",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "UniFi Switches",
          "vendor": "Ubiquiti Inc",
          "versions": [
            {
              "lessThanOrEqual": "6.5.32",
              "status": "affected",
              "version": "6.5.32",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A command injection vulnerability in the DHCP Client function of all UniFi Access Points and Switches, excluding the Switch Flex Mini, could allow a Remote Code Execution (RCE).\n\n \nAffected Products:\nAll UniFi Access Points (Version 6.5.53 and earlier)\nAll UniFi Switches (Version 6.5.32 and earlier) \n-USW Flex Mini excluded.\n \n\nMitigation:\nUpdate UniFi Access Points to Version 6.5.62 or later.\nUpdate UniFi Switches to Version 6.5.59 or later."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "baseScore": 8.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-08-10T18:58:07.647Z",
        "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "shortName": "hackerone"
      },
      "references": [
        {
          "url": "https://community.ui.com/releases/Security-Advisory-Bulletin-035-035/91107858-9884-44df-b1c6-63c6499f6e56"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
    "assignerShortName": "hackerone",
    "cveId": "CVE-2023-38034",
    "datePublished": "2023-08-10T18:58:07.647Z",
    "dateReserved": "2023-07-12T01:00:11.880Z",
    "dateUpdated": "2024-12-04T16:30:27.937Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-35085 (GCVE-0-2023-35085)

Vulnerability from cvelistv5 – Published: 2023-08-10 18:58 – Updated: 2024-12-04 16:30

Summary

An integer overflow vulnerability in all UniFi Access Points and Switches, excluding the Switch Flex Mini, with SNMP Monitoring and default settings enabled could allow a Remote Code Execution (RCE). Affected Products: All UniFi Access Points (Version 6.5.50 and earlier) All UniFi Switches (Version 6.5.32 and earlier) -USW Flex Mini excluded. Mitigation: Update UniFi Access Points to Version 6.5.62 or later. Update the UniFi Switches to Version 6.5.59 or later.

Severity ?

9 (Critical)


                        
                          CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Assigner

hackerone

References

URL

Tags

https://community.ui.com/releases/Security-Adviso…

Impacted products

Vendor

Product

Version

Ubiquiti Inc

UniFi Access Points

Affected: 6.5.50 , ≤ 6.5.50 (semver)

Ubiquiti Inc

UniFi Switches

Affected: 6.5.32 , ≤ 6.5.32 (semver)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T16:23:58.703Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://community.ui.com/releases/Security-Advisory-Bulletin-035-035/91107858-9884-44df-b1c6-63c6499f6e56"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-35085",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-09T19:35:23.464052Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-04T16:30:50.323Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "UniFi Access Points",
          "vendor": "Ubiquiti Inc",
          "versions": [
            {
              "lessThanOrEqual": "6.5.50",
              "status": "affected",
              "version": "6.5.50",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "UniFi Switches",
          "vendor": "Ubiquiti Inc",
          "versions": [
            {
              "lessThanOrEqual": "6.5.32",
              "status": "affected",
              "version": "6.5.32",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An integer overflow vulnerability in all UniFi Access Points and Switches, excluding the Switch Flex Mini, with SNMP Monitoring and default settings enabled could allow a Remote Code Execution (RCE).\n\n \n\nAffected Products:\nAll UniFi Access Points (Version 6.5.50 and earlier)\nAll UniFi Switches (Version 6.5.32 and earlier) \n-USW Flex Mini excluded.\n \n\nMitigation:\nUpdate UniFi Access Points to Version 6.5.62 or later.\nUpdate the UniFi Switches to Version 6.5.59 or later."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "baseScore": 9,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-08-10T18:58:17.222Z",
        "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "shortName": "hackerone"
      },
      "references": [
        {
          "url": "https://community.ui.com/releases/Security-Advisory-Bulletin-035-035/91107858-9884-44df-b1c6-63c6499f6e56"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
    "assignerShortName": "hackerone",
    "cveId": "CVE-2023-35085",
    "datePublished": "2023-08-10T18:58:17.222Z",
    "dateReserved": "2023-06-13T01:00:11.784Z",
    "dateUpdated": "2024-12-04T16:30:50.323Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

WID-SEC-W-2023-2094

CVE-2023-38034 (GCVE-0-2023-38034)

CVE-2023-35085 (GCVE-0-2023-35085)

Tags

Sightings

Nomenclature