We got this notification from UBNT. Did anyone else also get it?

Is this true, another vulnerability?

Thanks,
Eduardo


From: Ubiquiti Networks [mailto:[email protected]] 
Sent: Monday, March 20, 2017 11:33 AM
Subject: airOS Vulnerability Issue Update



Addressing Security Concerns. We take network security very seriously and have 
fixed the command injection vulnerability for all affected products: airMAX®, 
airGateway®, TOUGHSwitch™, and airFiber®......


                             SOFTWARE 
                             OPERATOR 
                             UNIFI 
                             CONSUMER 
                             PRODUCTS 
                             BUY 
                             
                       
                 
           
                                   I M P O R T A N T 




                                 



                                 
                             



                                Addressing Security Concerns
                                We take network security very seriously and 
have fixed the authenticated command injection vulnerability for all affected 
products: airMAX®, airGateway®, TOUGHSwitch™, and airFiber®; please upgrade the 
firmware for your devices. UniFi®, EdgeMAX®, and AmpliFi™ products are not 
affected. 

                                While we acknowledge that all vulnerabilities 
are serious, we believe this issue rates fairly low in terms of threat 
severity, because it requires being authenticated to the management web 
interface, or tricking an authenticated administrator into opening a targeted, 
crafted URL in the browser where they are logged in to the affected device. 
Ubiquiti strongly backs our security measures: 

                                ·         Dedicated Security Director focused 
100% on Ubiquiti® software vulnerabilities and supported by a strong group of 
engineers 





                                ·         Participation in third-party 
vulnerability assessment programs such as HackerOne, where we have given out 
substantial rewards





                                ·         Significant investment retaining 
third-party external security audit company to review our software solutions 
frequently

                                We’re currently addressing the php2 code 
concern, which will be eliminated from applicable code bases within the next 
few weeks.
                                 




                                 



                                 
                             
                       
                 
           
                              Latest Firmware Updates
                              Ubiquiti has updated the firmware for the 
affected devices. Please update the firmware of your devices to the version 
listed here:

                                

                                DEVICES
                                 USE FIRMWARE
                                 

                                 v6.0.1 or later
                                 

                                 v8.0.1 or later
                                 

                                 v1.3.4 or later
                                 

                                 v1.1.8 or later
                                 

                                 v3.2.2 or later 
                                 

                                 v3.2.2 or later
                                 

                                 v3.4.1 or later
                                 

                                 v3.6.1 or later
                                 

                                

                              For questions, contact our support team.
                             

                             
                       
                 
           
                       
                 
           
                                Copyright © 2017, Ubiquiti Networks, Inc. All 
Rights Reserved. 
                                Ubiquiti Networks 685 Third Avenue, 27th Floor 
New York, NY 10017 USA
                                 
                                Share this on: 

                                 
                             
                                Unsubscribe   |    Update Preferences   |    
View in browser
                                 
                                Follow: Facebook   |    Twitter   |    YouTube 
                                 
                             
                       
                 
           
     


_______________________________________________
Ubnt_users mailing list
[email protected]
http://lists.wispa.org/mailman/listinfo/ubnt_users

Reply via email to