Subheading: Ubiquiti AP and Switch SNMP Monitoring: CVE-2023-35085 and DHCP Client Vulnerability: CVE-2023-38034
Hey @Leo,
I was hoping that you’ll get this. I heard this evening on your show that you have Ubiquiti APs and Switches installed in your home and maybe your studio. Tonight I saw this Security Notice (https://community.ui.com/releases/Security-Advisory-Bulletin-035-035/91107858-9884-44df-b1c6-63c6499f6e56) posted on the Ubiquiti Community Website and thought you might be interested.
Chasing down the CVEs, the CVSS 3.0 scores come in at 9.0 for CVE-2023-35085 and 8.4 for CVE-2023-38034 (out of 10.0). As you know, these aren’t excellent scores.
The first vulnerability is with the SNMP agent on each AP and switch. With a typical household or business network, SNMP would typically be blocked from the Internet. So not much of a worry unless you offer open WiFi or guest ethernet access. So either disable SNMP on all APs and Switches using the Ubiquiti Network Application or apply the newest firmware updates.
For the second vulnerability, the flaw is with the DHCP client. Again, the attacker must be on your local network to exploit the vulnerability. The problem is with the AP or switch picking up an IP address. It should be no issue if you are using fixed IP addresses for your APs and switches. If not, you probably want to patch it as soon as you can get to it.
Or you can go all The Treasure of Sierra Madre:
“Patches! Patches? We don’t need no stinkin’ patches.”
My deepest apologies to any Bogart and Huston fans. Again hope this reaches you, and good luck. If you have any questions or ask Steve, I’m sure he can make a meal of this.
By the way, I run the same kit and hear the same “Dear; there’s something going on with the network…” occasionally.
Kind Regards,
Bill
Also sent to info@twit.tv