Description

Due to vulnerabilities in Log4j library used by Ubiquiti Unifi, an unauthenticated attacker can leak sensitive information or execute arbitrary code on the system.

Remediation

Upgrade to the latest version of Ubiquiti Unifi

References

UniFi Network Application 6.5.55

Related Vulnerabilities

WordPress Plugin Photo Gallery, Images, Slider in Rbs Image Gallery Remote Code Execution (2.0.14)

RCE in Ivanti Connect Secure and Policy Secure (CVE-2024-21887)

XML external entity injection via File Upload

WordPress Plugin Swim Team Arbitrary File Download (1.44.1077)

Apache Shiro Deserialization RCE

Severity

High

Classification

CVE-2021-44228 CWE-78 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A

Tags

Acumonitor Code Execution Information Disclosure