Patching UniFi Against The Log4J CVE-2021-44228 Vulnerability [YouTube Release]

Additional Resources:

Dowload the updated controller here
https://community.ui.com/releases/UniFi-Network-Application-6-5-54/d717f241-48bb-4979-8b10-99db36ddabe1

Security bulletin
https://community.ui.com/releases/Security-Advisory-Bulletin-023-023/808a1db0-5f8e-4b91-9097-9822f3f90207?page=1

Reddit post about camera

UI Forum post about camera
https://community.ui.com/questions/Log4j-RCE-attack-coming-from-UniFi-Cameras-G3Flex/5b36e14d-21cc-4214-ba1d-281ecee59a40

Tutorial on Graylog

Connecting With Us

Lawrence Systems Shirts and Swag

►👕 https://teespring.com/stores/lawrence-technology-services

AFFILIATES & REFERRAL LINKS

Amazon Affiliate Store
:shopping_cart: https://www.amazon.com/shop/lawrencesystemspcpickup

All Of Our Affiliates that help us out and can get you discounts!
:shopping_cart: Affiliates We Love - Lawrence Technology Services

Gear we use on Kit
:shopping_cart: Kit

Try ITProTV free of charge and get 30% off!
:shopping_cart: Learn technology and pass IT certifications with ITProTV

Use OfferCode LTSERVICES to get 10% off your order at
:shopping_cart: https://www.techsupplydirect.com/

Digital Ocean Offer Code
:shopping_cart: https://m.do.co/c/85de8d181725

HostiFi UniFi Cloud Hosting Service
:shopping_cart: HostiFi - UniFi cloud hosting

Protect you privacy with a VPN from Private Internet Access
:shopping_cart: Buy VPN with Credit Card or PayPal | Private Internet Access

Patreon
:moneybag: lawrencesystems is creating Tech Tutorials & Reviews | Patreon

:stopwatch: Timestamps :stopwatch:
00:00 UniFi Controller 6.5.54
00:47 Log4J Attack Vectors
02:07 UniFi 6.5.54 Download
02:51 UniFi Protect Cameras
03:59 UniFi Indicators of Compromise

#UniFi #Log4j #Log4Shell

Just a word… I’m seeing this in my Suricata alerts on a port that runs my Shoutcast server connection. It’s coming from a TOR relay which already gets blocked, but the ET rules are also catching the java log exploit:

ET EXPLOIT Apache log4j RCE Attempt (http ldap) (CVE-2021-44228)

So running Suricata with the ET rules might be a good idea for people that can’t patch an application. Not going to say it will be a catch all defense, but one more impediment in front of the attacker is always a good choice.

I will also say that the ET rules require a lot of exemptions to get through a normal day of work, you just have to keep on top of them as mentioned in Tom’s video on Suricata.

yes it is a double NAT, just what I have to deal with from work