Apache Log4j Vulnerability

The internet is running wild with the newest zero-day that exploits Apache's Log4j2. If you haven't heard about it, a simple search will bring up hundreds of articles detailing what it is and how it could potentially affect you. I won't get into those details, as they have been covered plenty by every major security team on the internet.

I did want to highlight one system that it does affect, one that personally came to mind when I read about the vulnerability, and that is Unifi's network controller software. The Unifi controller software runs on Java and implements Log4j 2.13.3. I could see this being a system that bad actors would find high value in attacking, as it is very common and is implemented by a lot of people who may not know how to properly secure or patch it. If it is truly vulnerable to this zero-day, then potentially millions of networks are vulnerable.

The Unifi community forum already has a post available and a potential fix until the official Unifi update is released; you can find it here. Hopefully Unifi will have an update out very soon addressing this. Until then, consider patching it yourself and check any other systems running on your network.