CVE-2024-22054

Summary

A malformed discovery packet sent by a malicious actor with preexisting access to the network could interrupt the functionality of device management and discovery.

Affected Products: UniFi Access Points UniFi Switches UniFi LTE Backup UniFi Express (Only Mesh Mode, Router mode is not affected)

Mitigation: Update UniFi Access Points to Version 6.6.55 or later. Update UniFi Switches to Version 6.6.61 or later. Update UniFi LTE Backup to Version 6.6.57 or later. Update UniFi Express to Version 3.2.5 or later.

Affected Software

VendorProductVersion RangeStatus
Ubiquiti IncUniFi Access Points6.6.55 < 6.6.55affected
Ubiquiti IncUniFi Switches6.6.61 < 6.6.61affected
Ubiquiti IncUniFi LTE Backup6.6.57 < 6.6.57affected
Ubiquiti IncUniFi Express3.2.5 < 3.2.5affected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References