Overview
First Published: December 13, 2021Version: 1.1
Revision: 1.1
Summary
A vulnerable third-party library used in UniFi Network Version 6.5.53 and earlier (Log4J CVE-2021-44228) allows a malicious actor to control the application.
This vulnerability is fixed in UniFi Network Version 6.5.54 and later.
Affected Products:
UniFi Network application
Mitigation:
Update the UniFi Network application to Version 6.5.54 or later.
Impact:
CVSS v3.0 Severity and Metrics:
Base Score: 10.0 Critical
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CVE: CVE-2021-44530 David BERARD (polymorf)
Reference Links:
https://community.ui.com/releases/U...n-6-5-54/d717f241-48bb-4979-8b10-99db36ddabe1