Why you should care about the Log4J vulnerability
Apache is an HTTP server that is open-source, cross platform and represents about 33% of all websites on the internet and countless applications that utilize parts of it. Log4J is a Java logging library used by the Apache server and many of those applications. A vulnerability was recently discovered in Log4J that could allow an attacker to execute malicious code on the target system. The vulnerability specifically affects versions 2.x and 3.x of Log4J, and is due to a deserialization flaw in the Commons Collections library.
The recently published log4j flaws have affected more than 35,000 Java packages (nearly 8% of the Maven Central repository), with broad ramifications across the software industry. The vulnerabilities allow an attacker to execute remote code by exploiting the library’s insecure JNDI lookups feature.
If all that is mumbo jumbo to you, I’ll attempt to explain a little simpler. Java libraries are used across many applications because its open source the problem is really knowing what application utilizes these libraries. If your application utilizes the log4j library a hacker can now make your server/device execute a code that can be harmful to your systems, steal database usernames/passwords, etc.
So, if you are running a Unifi Ubiquity product on your network you are at risk of this attack. The threat level of this Zero-Day vulnerability is considered 10, the Highest, and has already been exploited in the wild. Everyone running outdated java libraries are advised to update their systems. In this case if your business uses Ubiquity products, it is very important to update everything as soon as possible.
The details of this vulnerability were released on Dec 9th along with a proof-of-concept exploit, demonstrating how to use it, along with security updates for the affected versions. Unifi Security team recommends you update your server / controller application ASAP, if not sooner! Fortunately, a patch has been released that fixes the vulnerability. However, if you are running a vulnerable version of Log4J, it is important to upgrade as soon as possible. If you are not sure whether or not your system is vulnerable, a good first step would be to check the Log4J version that is currently being used.
Here is the link to the application update:
https://community.ui.com/releases/UniFi-Network-Application-6-5-54/d717f241-48bb-4979-8b10-99db36ddabe1
It’s recommended to create a backup of your UniFi Network Application settings in the event you run into any issues.
As more applications get discovered that that rely on the vulnerable java library, we will continue to see this unfold probably for several weeks if not months to come. If you are not sure what systems might be vulnerable in your business, AlphaCIS can help, running a full system analysis will give you the list of applications, from there we can determine which of those could potentially have the Log4j exploit. Start here.
Dmitriy Teplinskiy
I have worked in the IT industry for 15+ years. During this time I have consulted clients in accounting and finance, manufacturing, automotive and boating, retail and everything in between. My background is in Networking and Cybersecurity
