A remote code execution vulnerability exists in Ubiquiti UniFi Network in the bundled Apache Log4j logging library.
Apache Log4j is vulnerable due to insufficient protections on message lookup substitutions when dealing with user controlled input. A remote, unauthenticated attacker can exploit this, via a web request, to execute arbitrary code with the permission level of the running Java process.

Binary data ubiquiti_unifi_network_log4shell.nbin

VendorProductVersionCPE
uiunifi_controllercpe:/a:ui:unifi_controller

Vendor	Product	Version	CPE
ui	unifi_controller		cpe:/a:ui:unifi_controller

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228

www.nessus.org/u?37d1da9a

www.sprocketsecurity.com/blog/another-log4j-on-the-fire-unifi

trellix 1

ibm 52

threatpost 49

wallarmlab 1

trendmicroblog 1

hackerone 2

qualysblog 4

githubexploit 38

rapid7blog 7

cisa 1

osv 2

hivepro 3

msrc 3

nessus 11

veracode 1

kaspersky 3

impervablog 3

talosblog 1

cisa_kev 1

packetstorm 3

amd 1

mssecure 1

redhat 3

openvas 2

akamaiblog 1

fedora 1

cve 1

github 1

mmpc 1

ics 1

trellix

Log4J and The Memory That Knew Too Much

2022-01-19 00:00:00

ibm

Security Bulletin: IBM Netcool Agile Service Manager is affected by a vulnerability in Apache Log4j (CVE-2021-44228)

2021-12-23 18:45:10

Security Bulletin: Cloudera Data Platform is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-44228)

2022-01-17 14:19:15

Security Bulletin: A security vulnerability has been identified in Log4j 2 used in IBM Guardium Data Encryption (GDE) (CVE-2021-44228)

2021-12-20 04:50:43

threatpost

Multi-Ransomwared Victims Have It Coming–Podcast

2022-03-10 14:00:32

What the Log4Shell Bug Means for SMBs: Experts Weigh In

2021-12-14 17:54:47

Cyberattackers Target UPS Back-Up Power Devices in Mission-Critical Environments

2022-03-30 17:14:57

wallarmlab

Update on Log4Shell (CVE-2021-44228)

2021-12-10 20:22:36

trendmicroblog

Patch Now: Apache Log4j Vulnerability Called Log4Shell Actively Exploited

2021-12-13 00:00:00

hackerone

U.S. Dept Of Defense: ███ ████████ running a vulnerable log4j

2021-12-31 00:55:49

U.S. Dept Of Defense: ██████████ running a vulnerable log4j

2021-12-11 00:16:38

qualysblog

Log4Shell – Follow This Multi-Layered Approach for Detection and Remediation

2021-12-28 18:00:00

How to Make Log4Shell Remediation Quick & Effective

2022-01-11 16:58:48

What’s Next After Log4Shell?

2023-02-22 03:36:56

githubexploit

Exploit for Deserialization of Untrusted Data in Apache Log4J

2021-12-11 13:28:52

Exploit for Deserialization of Untrusted Data in Apache Log4J

2022-01-27 07:07:30

Exploit for Improper Input Validation in Apache Log4J

2021-12-21 08:13:35

rapid7blog

[Security Nation] Mike Hanley of GitHub on the Log4j Vulnerability

2022-01-19 21:47:30

Log4Shell Makes Its Appearance in Hacker Chatter: 4 Observations

2021-12-14 21:05:17

What's New in InsightVM and Nexpose: Q1 2022 in Review

2022-04-19 17:52:17

cisa

Malicious Cyber Actors Continue to Exploit Log4Shell in VMware Horizon Systems

2022-06-23 00:00:00

osv

Critical vulnerability in log4j may affect generated PEAR projects

2021-12-16 21:01:51

Apache Log4j Remote Code Execution

2021-12-14 21:07:14

hivepro

Iranian hackers leveraged Log4Shell to penetrate US federal agency

2022-11-17 12:28:57

Lazarus’s Operation Blacksmith Deploys Novel Dlang RATs

2023-12-13 06:46:17

Deep Panda deploys new rootkit “Fire Chili” by exploiting Log4shell in VMware horizon

2022-04-05 12:57:28

msrc

CVE-2021-44228 Apache Log4j 2 に対するマイクロソフトの対応

2021-12-12 08:00:00

Microsoft’s Response to CVE-2021-44228 Apache Log4j 2

2021-12-12 05:28:18

Microsoft’s Response to CVE-2021-44228 Apache Log4j 2

2021-12-12 08:00:00

nessus

Cisco SD-WAN vManage Log4j Remote Code Execution (cisco-sa-apache-log4j-qRuKNEbd)

2022-05-16 00:00:00

FreeBSD : graylog -- include log4j patches (3fadd7e4-f8fb-45a0-a218-8fd6423c338f)

2021-12-13 00:00:00

Ubuntu 16.04 ESM : Apache Log4j 2 vulnerability (USN-5192-2)

2021-12-17 00:00:00

veracode

Remote Code Execution (RCE)

2021-12-10 15:09:45

kaspersky

KLA12392 RCE vulnerability in Microsoft Azure

2021-12-16 00:00:00

KLA12395 RCE vulnerability in Microsoft SQL Server

2021-12-16 00:00:00

KLA12393 RCE vulnerability in Microsoft System Center

2021-12-16 00:00:00

impervablog

Analytics Are Essential for Effective Database Security

2022-01-13 15:23:02

Continuing to Stay Ahead of CVE-2021-44228: Addressing Your Top Questions

2021-12-14 22:55:49

How We’re Protecting Customers & Staying Ahead of CVE-2021-44228

2021-12-11 02:31:39

talosblog

How CVSS 4.0 changes (or doesn’t) the way we see vulnerability severity

2024-02-21 13:54:48

cisa_kev

Apache Log4j2 Remote Code Execution Vulnerability

2021-12-10 00:00:00

packetstorm

Log4Shell HTTP Header Injection

2022-01-12 00:00:00

Intel Data Center Manager 5.1 Local Privilege Escalation

2022-12-09 00:00:00

MobileIron Log4Shell Remote Command Execution

2022-08-03 00:00:00

amd

AMD Response to Log4j (Log4Shell) Vulnerability

2021-12-15 00:00:00

mssecure

MERCURY and DEV-1084: Destructive attack on hybrid environment

2023-04-07 16:00:00

redhat

(RHSA-2021:5130) Critical: Red Hat Integration Camel-K 1.6.2 release and security update

2021-12-14 17:51:25

(RHSA-2021:5126) Critical: Red Hat Integration Camel Extensions for Quarkus GA security update

2021-12-14 16:15:45

(RHSA-2021:5093) Critical: Red Hat build of Eclipse Vert.x 4.1.5 SP1 security update

2021-12-14 15:57:34

openvas

openSUSE: Security Advisory for logback (openSUSE-SU-2021:1613-1)

2022-02-01 00:00:00

Debian: Security Advisory (DLA-2842-1)

2021-12-13 00:00:00

akamaiblog

Threat Intelligence on Log4j CVE: Key Findings and Their Implications

2021-12-17 19:30:00

fedora

[SECURITY] Fedora 34 Update: log4j-2.16.0-1.fc34

2021-12-22 01:14:26

cve

CVE-2021-44228

2021-12-10 10:15:09

github

Using GitHub’s security features to help identify Log4j exposure in your codebase

2021-12-14 19:46:00

mmpc

MERCURY and DEV-1084: Destructive attack on hybrid environment

2023-04-07 16:00:00

ics

Sensormatic PowerManage (Update A)

2022-03-08 12:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

JSON

Related for UBIQUITI_UNIFI_NETWORK_LOG4SHELL.NBIN