Security Advisory Bulletin 004

by Ubiquiti Employee Wednesday - last edited Wednesday

Updated: May 15th, 2019

First Published: May 15th, 2019

Version: 1.0

Revision: 1.0

Summary

We have recently released new versions of the UAP, UAP-AC, USW and USG firmware and of the UniFi Network Controller that fix vulnerabilities present in 4.0.5, 3.8.16, 4.4.33, 5.10.11 and prior, as described below:

The encryption protocol between the devices and the controller used AES-CBC, which is insecure: with enough captured packets, a decryption key could be found that allowed a malicious actor to gain control over devices on the network.

These vulnerabilities were fixed in the UniFi Controller v5.10.12 using firmware version 4.0.6 for UAP/USW and 4.4.34 for USG. This is also fixed in UniFi Controller 5.6.42 with firmware 3.8.17 for EOL UAP-AC models.

Details:

The firmware versions mentioned above change the encryption protocol used for communication between Ubiquiti devices and the UniFi Network Controller from AES-CBC to the more secure AES-GCM.

Affected Products:

UniFi Network Controller prior to 5.10.12 (excluding 5.6.42)

UniFi UAP FW prior to 4.0.6

UniFi UAP-AC, UAP-AC v2, and UAP-AC Outdoor FW prior to 3.8.17

UniFi USW FW prior to 4.0.6

UniFi USG FW prior to 4.4.34

Mitigation:

Update the UniFi Controller to at least v5.6.42 or v5.10.12+ and update all devices to the firmware versions listed above.
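To check a site inventory against the version thresholds in this advisory, here is an added example (not Ubiquiti's code); the device names and the sample inventory are constructed, and "UAP-AC" is used only for the first-generation UAP-AC, UAP-AC v2 and UAP-AC Outdoor models named above:

```python
from typing import Dict, List, Tuple

Version = Tuple[int, ...]

# Fixed versions as stated in the advisory. The controller has two fixed
# releases: 5.6.42 (for deployments with EOL UAP-AC models) and 5.10.12.
CONTROLLER_FIXED: Dict[str, Version] = {"5.6": (5, 6, 42), "5.10": (5, 10, 12)}
# "UAP-AC" means only the first-generation UAP-AC, UAP-AC v2 and UAP-AC
# Outdoor named in the advisory (the 3.8.x firmware line).
FIRMWARE_FIXED: Dict[str, Version] = {
    "UAP": (4, 0, 6), "UAP-AC": (3, 8, 17), "USW": (4, 0, 6), "USG": (4, 4, 34),
}

def parse_version(text: str) -> Version:
    """'5.10.12' -> (5, 10, 12), so versions compare numerically, not as strings.
    Only plain dotted numeric versions are handled."""
    return tuple(int(part) for part in text.strip().split("."))

def controller_affected(version: str) -> bool:
    """True if the controller predates the fix for its release line.

    The advisory excludes 5.6.42 from the affected range, so 5.6.x builds
    are compared against 5.6.42; every other release is compared against
    5.10.12 (which also catches 5.7-5.9 and anything older than 5.6).
    """
    ver = parse_version(version)
    fixed = CONTROLLER_FIXED.get(f"{ver[0]}.{ver[1]}", CONTROLLER_FIXED["5.10"])
    return ver < fixed

def firmware_affected(family: str, version: str) -> bool:
    """True if a device in the given family runs firmware older than the fix."""
    return parse_version(version) < FIRMWARE_FIXED[family]

def audit(controller_version: str, devices: List[Tuple[str, str, str]]) -> List[str]:
    """Return the names of everything still on a vulnerable version.
    devices: (name, family, firmware) triples; the controller is reported as 'controller'."""
    findings = ["controller"] if controller_affected(controller_version) else []
    findings.extend(name for name, fam, fw in devices if firmware_affected(fam, fw))
    return findings

# Constructed sample inventory (not from the advisory): a site on the 5.6
# line with a mix of patched and unpatched devices.
SAMPLE_DEVICES = [
    ("ap-lobby", "UAP", "4.0.5"),       # affected: 4.0.5 < 4.0.6
    ("ap-roof", "UAP-AC", "3.8.17"),    # fixed
    ("sw-core", "USW", "4.0.6"),        # fixed
    ("gw-edge", "USG", "4.4.33"),       # affected: 4.4.33 < 4.4.34
]

if __name__ == "__main__":
    print(audit("5.6.42", SAMPLE_DEVICES))  # ['ap-lobby', 'gw-edge']
```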

Impact:

CVSS v3.0 Severity and Metrics:

Base Score: 8.3 HIGH

Vector: AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Reference Links:

https://community.ubnt.com/t5/UniFi-Updates-Blog/UniFi-Network-Controller-5-10-23-Stable-has-been-re...

https://community.ubnt.com/t5/UniFi-Updates-Blog/UniFi-Network-Controller-5-6-42-Stable-has-been-rel...