02.03.2022

Ubiquiti UniFi Security Advisory

Alert
  • facebook share link
  • twitter share link
  • linkedin share link
  • mail share link

Date of Notice: 02/3/2022

Action Level - Critical

Description

Following the release of the widespread Log4J vulnerability (CVE-2021-44228) in December, security researchers have now observed an exploit in the wild targeting vulnerable Ubiquiti UniFi devices. This exploit could allow a remote attacker to execute code and make changes to your network configuration. A fix for this vulnerability was released in December, and this attack is only effective against non-updated devices. We recommend verifying patch levels of all Ubiquiti devices on your network and patching out of date devices as soon as possible.

Affected Devices

  • Ubiquiti Unifi Network 6.5.53 and earlier

Mitigation

  • In addition to patching, Ubiquiti also recommends disabling external access to these devices if currently enabled.

Remediation

  • Update to Unifi Network 6.5.54 or later

Vendor Resources

MCNC
PO Box 12889
3021 East Cornwallis Road
RTP, NC 27709-2889
919-248-1900 Phone | 919-248-1101 Fax
Connect With Us
  • linkedin
  • instagram
  • x
  • facebook
  • youtube
© 2024 MCNC