CVE-2024-22054

Description

A malformed discovery packet sent by a malicious actor with preexisting access to the network could interrupt the functionality of device management and discovery. Affected Products: UniFi Access Points UniFi Switches UniFi LTE Backup UniFi Express (Only Mesh Mode, Router mode is not affected) Mitigation: Update UniFi Access Points to Version 6.6.55 or later. Update UniFi Switches to Version 6.6.61 or later. Update UniFi LTE Backup to Version 6.6.57 or later. Update UniFi Express to Version 3.2.5 or later.

References

Link	Tags
https://community.ui.com/releases/Security-Advisory-Bulletin-037-037/9aeeccef-ca4a-4f10-9f66-1eb400b3d027

Frequently Asked Questions

What is the severity of CVE-2024-22054?: CVE-2024-22054 has been scored as a high severity vulnerability.
How to fix CVE-2024-22054?: To fix CVE-2024-22054, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-22054 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2024-22054 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-22054?: CVE-2024-22054 affects Ubiquiti Inc UniFi Access Points, Ubiquiti Inc UniFi Switches, Ubiquiti Inc UniFi LTE Backup, Ubiquiti Inc UniFi Express .

This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.

Description

Category

CWE-20 – Improper Input Validation

References

Frequently Asked Questions