Unifi Log4J Attack Vector?

So I get that Ubiquiti updated their controller version to 6.5.54 to mitigate the Log4J vulnerability - great!

What is the attack method or vector for vulnerable controllers? How would a “bad actor” be able to attack a system - wouldn’t it have to be from within the network? Or is the controller vulnerable by the fact that it is connecting to the Unifi Cloud?

Just trying to understand how this works and prioritize my updates. I have some clients on old Gen1 Cloud Keys and my experience is they don’t take 6.5.x too well. So I’m in the process of getting them Gen2 devices, but that won’t happen overnight.

Any local ingress port that is listening on the controller is a potential way in; I'm not sure which ones are attached to logging, and UniFi is not disclosing that detail. If those ports are open to the public internet then they are probably being scanned and probed right now for the vulnerability.
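
For triage on a controller host, the listeners the reply above describes can be enumerated from `ss -H -tln` output. This is an added example, not part of the thread: the sample output is constructed (not taken from a real controller), the function names are assumptions, and it does not tell you which service logs through Log4j.

```python
import ipaddress

# Constructed sample of `ss -H -tln` output; not captured from a real controller.
SAMPLE_SS = """\
LISTEN 0 50 *:8443 *:*
LISTEN 0 50 [::]:8080 [::]:*
LISTEN 0 128 127.0.0.1:27117 0.0.0.0:*
LISTEN 0 50 [::ffff:127.0.0.1]:8081 *:*
LISTEN 0 128 192.168.1.10%eth0:22 0.0.0.0:*
"""

def split_local(field):
    """Split the 'Local Address:Port' column into (host, port)."""
    host, _, port = field.rpartition(":")
    host = host.split("%")[0].strip("[]")  # drop %iface scope and IPv6 brackets
    return host, int(port)

def scope(host):
    """Classify a bind address as loopback, wildcard (all interfaces) or specific."""
    if host in ("*", ""):
        return "wildcard"
    ip = ipaddress.ip_address(host)
    if ip.version == 6 and ip.ipv4_mapped:
        ip = ip.ipv4_mapped  # treat ::ffff:127.0.0.1 as 127.0.0.1
    if ip.is_loopback:
        return "loopback"
    if ip.is_unspecified:
        return "wildcard"
    return "specific"

def reachable_listeners(ss_output):
    """Return sorted (port, host, scope) for listeners other hosts can reach."""
    found = set()
    for line in ss_output.splitlines():
        cols = line.split()
        if len(cols) < 5 or cols[0] != "LISTEN":
            continue
        host, port = split_local(cols[3])
        kind = scope(host)
        if kind != "loopback":
            found.add((port, host, kind))
    return sorted(found)

if __name__ == "__main__":
    for port, host, kind in reachable_listeners(SAMPLE_SS):
        print(f"{port}/tcp bound to {host} ({kind})")
```

Feed it the real output of `ss -H -tln` on the host, then compare the resulting ports against what the firewall forwards from the internet.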

Had the same questions. I have a controller for a few clients that is running 5.14.23. I’m not in the mindset to move this to release 6 yet, so I came across this post on UI’s forum.


I’ll be going this route to patch the controller; it appears it’s working without much hang-up (if at all).

It is my understanding that the new versions of Java do NOT fully solve the issues; they just make it a bit more challenging to exploit.