[Wien] Fwd: airOS Vulnerability Issue Update

Christoph Loesch Mon, 20 Mar 2017 12:05:04 -0700

Fyi


-------- Ursprüngliche Nachricht --------
Von: Ubiquiti Networks <[email protected]>
Gesendet: 20. März 2017 16:35:25 MEZ
An: [email protected]
Betreff: airOS Vulnerability Issue Update

Addressing Security Concerns. We take network security very seriously and have 
fixed the command injection vulnerability for all affected products: airMAX®, 
airGateway®, TOUGHSwitch™, and airFiber®......

http://ubnt.us8.list-manage.com/track/click?u=bc856e62a9254399365d0277b&id=aaf676c586&e=b63bd29d30
 SOFTWARE 
(http://ubnt.us8.list-manage.com/track/click?u=bc856e62a9254399365d0277b&id=1048295eff&e=b63bd29d30)
 OPERATOR 
(http://ubnt.us8.list-manage.com/track/click?u=bc856e62a9254399365d0277b&id=e932fb2a43&e=b63bd29d30)
 UNIFI 
(http://ubnt.us8.list-manage.com/track/click?u=bc856e62a9254399365d0277b&id=4a4a97d333&e=b63bd29d30)
 CONSUMER 
(http://ubnt.us8.list-manage.com/track/click?u=bc856e62a9254399365d0277b&id=4e0d22d760&e=b63bd29d30)
 PRODUCTS 
(http://ubnt.us8.list-manage.com/track/click?u=bc856e62a9254399365d0277b&id=15167282f0&e=b63bd29d30)
 BUY 
(http://ubnt.us8.list-manage.com/track/click?u=bc856e62a9254399365d0277b&id=2cd78c8854&e=b63bd29d30)


**    I M P O R T A N T
------------------------------------------------------------


** Addressing Security Concerns
------------------------------------------------------------

We take network security very seriously and have fixed the authenticated 
command injection vulnerability for all affected products: airMAX®, 
airGateway®, TOUGHSwitch™, and airFiber®; please upgrade the firmware for your 
devices. UniFi®, EdgeMAX®, and AmpliFi™ products are not affected.

While we acknowledge that all vulnerabilities are serious, we believe this 
issue rates fairly low in terms of threat severity, because it requires being 
authenticated to the management web interface, or tricking an authenticated 
administrator into opening a targeted, crafted URL in the browser where they 
are logged in to the affected device. Ubiquiti strongly backs our security 
measures:
* Dedicated Security Director focused 100% on Ubiquiti® software 
vulnerabilities and supported by a strong group of engineers
* Participation in third-party vulnerability assessment programs such as 
HackerOne, where we have given out substantial rewards
* Significant investment retaining third-party external security audit company 
to review our software solutions frequently

We’re currently addressing the php2 code concern, which will be eliminated from 
applicable code bases within the next few weeks.


** Latest Firmware Updates
------------------------------------------------------------

Ubiquiti has updated the firmware for the affected devices. Please update the 
firmware of your devices to the version listed here:

DEVICES USE FIRMWARE
v6.0.1 or later 
(http://ubnt.us8.list-manage.com/track/click?u=bc856e62a9254399365d0277b&id=9763cfe57e&e=b63bd29d30)
v8.0.1 or later 
(http://ubnt.us8.list-manage1.com/track/click?u=bc856e62a9254399365d0277b&id=df372235a9&e=b63bd29d30)
v1.3.4 or later 
(http://ubnt.us8.list-manage.com/track/click?u=bc856e62a9254399365d0277b&id=ce7c1ebb09&e=b63bd29d30)
v1.1.8 or later 
(http://ubnt.us8.list-manage.com/track/click?u=bc856e62a9254399365d0277b&id=d64de911fc&e=b63bd29d30)
v3.2.2 or later 
(http://ubnt.us8.list-manage2.com/track/click?u=bc856e62a9254399365d0277b&id=db2ef090b3&e=b63bd29d30)
v3.2.2 or later 
(http://ubnt.us8.list-manage.com/track/click?u=bc856e62a9254399365d0277b&id=51fce813f5&e=b63bd29d30)
v3.4.1 or later 
(http://ubnt.us8.list-manage.com/track/click?u=bc856e62a9254399365d0277b&id=5f89c999bc&e=b63bd29d30)
v3.6.1 or later 
(http://ubnt.us8.list-manage.com/track/click?u=bc856e62a9254399365d0277b&id=49c035c062&e=b63bd29d30)


For questions, contact our support team 
(http://ubnt.us8.list-manage.com/track/click?u=bc856e62a9254399365d0277b&id=44a7f4d9a1&e=b63bd29d30)
 .
Copyright © 2017, Ubiquiti Networks, Inc. All Rights Reserved.
Ubiquiti Networks 685 Third Avenue, 27th Floor New York, NY 10017 USA

Share this on:
http://www.facebook.com/share.php?u=http%3A%2F%2Fus8.campaign-archive2.com%2F%3Fu%3Dbc856e62a9254399365d0277b%26id%3D2aa3db1354&t=airOS%20Vulnerability%20Issue%20Updatehttp://twitter.com/intent/tweet?text=airOS%20Vulnerability%20Issue%20Update%20-%20http%3A%2F%2Feepurl.com%2FcG1Bdvhttp://www.linkedin.com/shareArticle?mini=true&url=http%3A%2F%2Fus8.campaign-archive2.com%2F%3Fu%3Dbc856e62a9254399365d0277b%26id%3D2aa3db1354&title=airOS%20Vulnerability%20Issue%20Updatehttp://us8.forward-to-friend.com/forward?u=bc856e62a9254399365d0277b&id=2aa3db1354&e=b63bd29d30

Unsubscribe 
(http://ubnt.us8.list-manage1.com/unsubscribe?u=bc856e62a9254399365d0277b&id=1c1b02cb37&e=b63bd29d30&c=2aa3db1354)
    |    Update Preferences 
(http://ubnt.us8.list-manage.com/profile?u=bc856e62a9254399365d0277b&id=1c1b02cb37&e=b63bd29d30)
    |    View in browser 
(http://us8.campaign-archive2.com/?u=bc856e62a9254399365d0277b&id=2aa3db1354&e=b63bd29d30)

Follow: Facebook 
(http://ubnt.us8.list-manage1.com/track/click?u=bc856e62a9254399365d0277b&id=7adbc02070&e=b63bd29d30)
    |    Twitter 
(http://ubnt.us8.list-manage.com/track/click?u=bc856e62a9254399365d0277b&id=a7892259f4&e=b63bd29d30)
    |    YouTube 
(http://ubnt.us8.list-manage2.com/track/click?u=bc856e62a9254399365d0277b&id=068835f362&e=b63bd29d30)
   
(http://ubnt.us8.list-manage.com/track/click?u=bc856e62a9254399365d0277b&id=d77f9c2428&e=b63bd29d30)
-- 
Diese Nachricht wurde von meinem Android-Gerät mit K-9 Mail gesendet.

--
Wien mailing list
[email protected]
https://lists.funkfeuer.at/mailman/listinfo/wien

[Wien] Fwd: airOS Vulnerability Issue Update

Antwort per Email an