Lucene search

[email protected]CVE-2023-23912

HistoryFeb 09, 2023 - 8:15 p.m.

CVE-2023-23912

2023-02-0920:15:11

CWE-75

CWE-94

[email protected]

web.nvd.nist.gov

cve-2023-23912

vulnerability

edgerouters

unifi security gateways

dhcpv6

remote code execution

nvd

8.8 High

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

8.9 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

53.2%

JSON

A vulnerability, found in EdgeRouters Version 2.0.9-hotfix.5 and earlier and UniFi Security Gateways (USG) Version 4.4.56 and earlier with their DHCPv6 prefix delegation set to dhcpv6-stateless or dhcpv6-stateful, allows a malicious actor directly connected to the WAN interface of an affected device to create a remote code execution vulnerability.

Affected configurations

NVD

Node

uiusg_firmwareRange<4.4.57

AND

uiusgMatch-

Node

uiusg-pro-4_firmwareRange<4.4.57

AND

uiusg-pro-4Match-

Node

uier-10x_firmwareRange<2.0.9

uier-10x_firmwareMatch2.0.9-

uier-10x_firmwareMatch2.0.9hotfix2

uier-10x_firmwareMatch2.0.9hotfix4

uier-10x_firmwareMatch2.0.9hotfix5

AND

uier-10xMatch-

Node

uier-12_firmwareRange<2.0.9

uier-12_firmwareMatch2.0.9-

uier-12_firmwareMatch2.0.9hotfix2

uier-12_firmwareMatch2.0.9hotfix4

uier-12_firmwareMatch2.0.9hotfix5

AND

uier-12Match-

Node

uier-12p_firmwareRange<2.0.9

uier-12p_firmwareMatch2.0.9-

uier-12p_firmwareMatch2.0.9hotfix2

uier-12p_firmwareMatch2.0.9hotfix4

uier-12p_firmwareMatch2.0.9hotfix5

AND

uier-12pMatch-

Node

uier-4_firmwareRange<2.0.9

uier-4_firmwareMatch2.0.9-

uier-4_firmwareMatch2.0.9hotfix2

uier-4_firmwareMatch2.0.9hotfix4

uier-4_firmwareMatch2.0.9hotfix5

AND

uier-4Match-

Node

uier-6p_firmwareRange<2.0.9

uier-6p_firmwareMatch2.0.9-

uier-6p_firmwareMatch2.0.9hotfix2

uier-6p_firmwareMatch2.0.9hotfix4

uier-6p_firmwareMatch2.0.9hotfix5

AND

uier-6pMatch-

Node

uier-8-xg_firmwareRange<2.0.9

uier-8-xg_firmwareMatch2.0.9-

uier-8-xg_firmwareMatch2.0.9hotfix2

uier-8-xg_firmwareMatch2.0.9hotfix4

uier-8-xg_firmwareMatch2.0.9hotfix5

AND

uier-8-xgMatch-

Node

uier-x_firmwareRange<2.0.9

uier-x_firmwareMatch2.0.9-

uier-x_firmwareMatch2.0.9hotfix2

uier-x_firmwareMatch2.0.9hotfix4

uier-x_firmwareMatch2.0.9hotfix5

AND

uier-xMatch-

Node

uier-x-sfp_firmwareRange<2.0.9

uier-x-sfp_firmwareMatch2.0.9-

uier-x-sfp_firmwareMatch2.0.9hotfix2

uier-x-sfp_firmwareMatch2.0.9hotfix4

uier-x-sfp_firmwareMatch2.0.9hotfix5

AND

uier-x-sfpMatch-

CPENameOperatorVersion
ui:usg_firmwareui usg firmwarelt4.4.57

CPE	Name	Operator	Version
ui:usg_firmware	ui usg firmware	lt	4.4.57

CNA Affected

[
  {
    "vendor": "n/a",
    "product": "Ubiquiti EdgeRouter(s) and USG(s)",
    "versions": [
      {
        "version": "EdgeRouter(s) Version 2.0.9-hotfix.6 or later and USG(s) to Version 4.4.57 or later",
        "status": "affected"
      }
    ]
  }
]

References

community.ui.com/releases/Security-Advisory-Bulletin-028-028/696e4e3b-718c-4da4-9a21-965a85633b5f

8.8 High

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

8.9 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

53.2%

JSON

Related for CVE-2023-23912

prion1 nvd1 zdi1 cvelist1