Ubiquiti confirm Log4J CVE-2021-44228 applies to all versions pre 6.5.53

Written By Admin

Ubiquiti has released a security bulletin confirming all controller versions prior to 6.5.53 are vulnerable to Log4J CVE-2021-44228.

Clouduni.fi controllers are secured and monitored for all suspicious traffic.

Summary

A vulnerable third-party library used in UniFi Network Version 6.5.53 and earlier (Log4J CVE-2021-44228) allows a malicious actor to control the application. 

 

This vulnerability is fixed in UniFi Network Version 6.5.54 and later.

 

Affected Products:

UniFi Network application

Mitigation:

Update the UniFi Network application to Version 6.5.54 or later.

Source: https://community.ui.com/releases/Security-Advisory-Bulletin-023-023/808a1db0-5f8e-4b91-9097-9822f3f90207

Admin
Previous

Ubiquiti controller 6.5.55 release to further mitigate CVE-2021-45046 with log4j 2.16.0
Next

UniFi Network Application 6.5.54