CVE-2024-22054
published 2024-02-20CVE-2024-22054: A malformed discovery packet sent by a malicious actor with preexisting access to the network could interrupt the functionality of device management and…
PriorityP343high7.5CVSS 3.1
AVNACLPRNUINSUCNINAH
EPSS
0.52%
39.9th percentile
A malformed discovery packet sent by a malicious actor with preexisting access to the network could interrupt the functionality of device management and discovery.
Affected Products:
UniFi Access Points
UniFi Switches
UniFi LTE Backup
UniFi Express (Only Mesh Mode, Router mode is not affected)
Mitigation:
Update UniFi Access Points to Version 6.6.55 or later.
Update UniFi Switches to Version 6.6.61 or later.
Update UniFi LTE Backup to Version 6.6.57 or later.
Update UniFi Express to Version 3.2.5 or later.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ubiquiti_inc | unifi_access_points | >= 6.6.55 < 6.6.55 | 6.6.55 |
| ubiquiti_inc | unifi_express | >= 3.2.5 < 3.2.5 | 3.2.5 |
| ubiquiti_inc | unifi_lte_backup | >= 6.6.57 < 6.6.57 | 6.6.57 |
| ubiquiti_inc | unifi_switches | >= 6.6.61 < 6.6.61 | 6.6.61 |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2024-02-20
Published