CVE-2023-35085

9.8 CRITICAL

📋 TL;DR

An integer overflow vulnerability in UniFi network devices with SNMP monitoring enabled allows remote attackers to execute arbitrary code. This affects all UniFi Access Points (v6.5.50 and earlier) and Switches (v6.5.32 and earlier), excluding Switch Flex Mini. Devices with default settings are vulnerable.

💻 Affected Systems

Products:
  • UniFi Access Points
  • UniFi Switches
Versions: Access Points: v6.5.50 and earlier; Switches: v6.5.32 and earlier
Operating Systems: Embedded firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Switch Flex Mini is NOT affected. Vulnerability requires SNMP monitoring to be enabled.

⚠️ Risk & Real-World Impact

🔴 Worst Case: A remote, unauthenticated attacker gains full control of the affected device, potentially pivoting into the internal network or disrupting operations.

🟠 Likely Case: Remote code execution leading to device compromise, data exfiltration, or network disruption.

🟢 If Mitigated: No impact if devices are patched or SNMP monitoring is disabled on vulnerable versions.

🌐 Internet-Facing: HIGH - Devices exposed to internet with SNMP enabled are directly exploitable.
🏢 Internal Only: HIGH - Internal attackers can exploit this if SNMP is enabled.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

CVSS 9.8 indicates critical severity with low attack complexity. No public exploit code was known at the time of the advisory.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Access Points: v6.5.62 or later; Switches: v6.5.59 or later

Vendor Advisory: https://community.ui.com/releases/Security-Advisory-Bulletin-035-035/91107858-9884-44df-b1c6-63c6499f6e56

Restart Required: Yes

Instructions:

1. Log into UniFi Network Controller.
2. Navigate to Devices section.
3. Select affected devices.
4. Click 'Upgrade' to apply latest firmware.
5. Reboot devices after update.

🔧 Temporary Workarounds

Disable SNMP Monitoring

Temporarily disable SNMP monitoring on vulnerable devices until patching is complete.

In UniFi Controller: Settings > System > SNMP > Disable SNMP

🧯 If You Can't Patch

  • Disable SNMP monitoring on all vulnerable devices immediately.
  • Isolate affected devices on a separate VLAN with strict network access controls.

🔍 How to Verify

Check if Vulnerable:

Check device firmware version in UniFi Controller under Devices > select device > Properties.

Check Version:

In UniFi Controller CLI: info | grep Version

Verify Fix Applied:

Confirm firmware version is v6.5.62+ for Access Points or v6.5.59+ for Switches.
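
The version check above, applied to a whole device inventory, as an added example (not vendor or UniFi code). The record fields (`name`, `kind`, `model`, `version`, `snmp_enabled`), the status labels and the sample devices are assumptions made for illustration; the version thresholds come from this advisory. Versions are compared as integer tuples, because a plain string comparison would rank 6.5.9 above 6.5.50.

```python
import re

# Thresholds taken from the advisory text above.
AFFECTED_MAX = {"ap": (6, 5, 50), "switch": (6, 5, 32)}
FIXED_MIN = {"ap": (6, 5, 62), "switch": (6, 5, 59)}


def parse_version(text):
    """Return (major, minor, patch) from strings such as 'v6.5.50' or '6.5.50'."""
    m = re.match(r"v?(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised firmware version: {text!r}")
    return tuple(int(p) for p in m.groups())


def triage(device):
    """Classify one inventory record against the advisory's version ranges."""
    if "flex mini" in device["model"].lower():
        return "not-affected"  # Switch Flex Mini is excluded by the advisory
    version = parse_version(device["version"])
    kind = device["kind"]
    if version >= FIXED_MIN[kind]:
        return "patched"
    if version <= AFFECTED_MAX[kind]:
        # The flaw is only reachable when SNMP monitoring is enabled.
        return "vulnerable" if device["snmp_enabled"] else "upgrade-snmp-off"
    # Between the last listed affected release and the fixed release the
    # advisory states no status, so the device is flagged for upgrade.
    return "unlisted-upgrade"


def report(inventory):
    """Map device name -> status for every record in the inventory."""
    return {d["name"]: triage(d) for d in inventory}


# Constructed sample inventory: names, models and versions are made up.
SAMPLE = [
    {"name": "ap-lobby", "kind": "ap", "model": "Access Point A", "version": "v6.5.50", "snmp_enabled": True},
    {"name": "ap-lab", "kind": "ap", "model": "Access Point B", "version": "6.5.9", "snmp_enabled": False},
    {"name": "ap-roof", "kind": "ap", "model": "Access Point A", "version": "6.5.62", "snmp_enabled": True},
    {"name": "sw-core", "kind": "switch", "model": "Switch A", "version": "6.5.40", "snmp_enabled": True},
    {"name": "sw-desk", "kind": "switch", "model": "Switch Flex Mini", "version": "2.0.0", "snmp_enabled": True},
]

if __name__ == "__main__":
    for name, status in report(SAMPLE).items():
        print(f"{name}: {status}")
```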

📡 Detection & Monitoring

Log Indicators:

  • Unusual SNMP traffic patterns
  • Unexpected device reboots
  • Unauthorized configuration changes

Network Indicators:

  • Abnormal SNMP requests to UniFi devices on UDP port 161
  • Unexpected outbound connections from UniFi devices

SIEM Query:

source="unifi-device" AND (event_type="firmware_update" OR event_type="config_change")
