CVE-2023-23119
CVE-2023-23119 is a medium-severity vulnerability rated 5.9/10 on the CVSS scale. The use of the cyclic redundancy check (CRC) algorithm for integrity check during firmware update makes Ubiquiti airFiber AF2X Radio firmware version 3.2.2 and earlier vulnerable to firmware modification attacks. An attacker can conduct a man-in-the-middle (MITM) attack to modify the new firmware image and bypass the checksum verification. EPSS estimates a 0.27% chance of exploitation in the next 30 days.
Description
The use of the cyclic redundancy check (CRC) algorithm for integrity check during firmware update makes Ubiquiti airFiber AF2X Radio firmware version 3.2.2 and earlier vulnerable to firmware modification attacks. An attacker can conduct a man-in-the-middle (MITM) attack to modify the new firmware image and bypass the checksum verification.
Metrics
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Ui | Af-2x Firmware | < 3.2.2 |
References
- https://community.ui.com/tags/security/releases (Vendor Advisory)
- https://hackmd.io/%40slASVrz_SrW7NQCsunofeA/SkYce4f5o (Exploit, Third Party Advisory)
Timeline
- Published
- Last Modified
- Status: Modified
Source: NVD / NIST
