Log4j Zero Day and Unifi

Please don't ignore it - Log4J isn't just a bonfire of a zero day - it's way way worse 🔥🔥🔥

Published 12/14/2021
Leave a comment

I can only really speak to Unifi... so...

In shorts 🩳

If you're a client of mine your either not affected or are patched 👍


Otherwise 👎 - If you run your own Unifi Network Controller (java) you need to update even if you don't expose the Web UI or behind a proxy, you will still be vulnerable 🙄 sigh yes you are, update. - explanations skipped (TM) 


🔐 If you have Unifi Devices managed by a 3rd parties controller, i.e. Just access point's then there are a few mitigation checks you need to follow. Then your golden.

🔐 Access points themselves aren't affected however, because the network controller application can open a remote console on devices - this does pose a security 🗡 risk 😨🤯 to you. 

🔐 If you don't know, not sure, or have unsupported equipment you can always unplug.


📅 This is a nasty zero day, hitting all sorts but if we all patch were great.


Cyber Security isn't a joke - If you need help, send me a message, or give me a call or carrier pigeon whatever works for you. 

Leave a comment

Your email address will not be published, comments will be reviewed for content before being published.