
Unpatched Ubiquiti Network Devices Subject to Virus Attack Resulting in Denial of Service

w6rh

Is everyone aware of this?
 
 
 
 
Summary 
Self-propagating malware has infected thousands of devices from wireless equipment vendor Ubiquiti Networks running outdated airMAX, TOUGHSwitch, and airGateway firmware. Ubiquiti identified the vulnerability and released a patch in July 2015. We have seen an active outbreak of this virus recently on unpatched Ubiquiti network devices. The recent availability of active exploits and the ease with which they propagate means administrators should consider patching vulnerable systems a high priority. The malware scans for and distributes itself to other vulnerable systems, causing mass infections from the virus. 
 
Technical Details 
The virus affects the following Ubiquiti devices. For protection against the virus, devices should be running at least the firmware versions noted. All versions of firmware prior to those listed are vulnerable:
- airMAX M (5.5.11 XM/TI, 5.5.10u2 XM, 5.6.2+ XM/XW/TI)
- airMAX AC (7.1.3+)
- ToughSwitch (1.3.2)
- airGateway (1.1.5+)
- airFiber (2.2.1+ AF24/AF24HD, 3.0.2.1+ AF5x)

The virus gains access through the device’s hyper text transfer protocol (HTTP) and the secured HTTPS variant and denies access to the device. If the firmware is out of date, it leaves the HTTP and HTTPS interfaces exposed to the Internet, and the virus can access the device. The malware scans for subnets and will distribute itself to other Ubiquiti systems it identifies.
 
Recommended Steps for Initial Mitigation 
Ubiquiti provided update, mitigation, and removal recommendations for this vulnerability in its community forum at 
http://community.ubnt.com/t5/airMAX-General-Discussion/Malware-Removal-Tool-05-15-2016/m-p/1564953
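
The minimum-version list in the advisory above can be turned into an inventory check; this is an added example, not part of the original posts or of Ubiquiti's tooling. The product keys, the sample inventory, and the reading of the multi-entry airMAX M line as per-branch (major.minor) minimums are assumptions of this example.

```python
import re

# Minimum patched firmware per product, taken from the advisory text above.
# Assumption: several entries for one product are per-branch (major.minor) floors.
PATCHED = {
    "airmax-m": ["5.5.10u2", "5.6.2"],   # 5.5.11 is covered by the 5.5 floor
    "airmax-ac": ["7.1.3"],
    "toughswitch": ["1.3.2"],
    "airgateway": ["1.1.5"],
    "airfiber-af24": ["2.2.1"],          # AF24/AF24HD
    "airfiber-af5x": ["3.0.2.1"],
}

def parse(version):
    """'5.5.10u2' -> ((5, 5, 10), 2); '3.0.2.1' -> ((3, 0, 2, 1), 0)."""
    m = re.fullmatch(r"v?(\d+(?:\.\d+)+)(?:u(\d+))?", version.strip())
    if not m:
        return None  # unrecognised version format
    return tuple(int(p) for p in m.group(1).split(".")), int(m.group(2) or 0)

def status(product, version):
    """Return 'patched', 'vulnerable' or 'unknown' (needs manual review)."""
    floors, key = PATCHED.get(product.lower()), parse(version)
    if floors is None or key is None:
        return "unknown"
    floors = [parse(f) for f in floors]
    # Compare against the floor of the same major.minor branch when one is
    # listed; otherwise against the highest listed floor.
    same_branch = [f for f in floors if f[0][:2] == key[0][:2]]
    floor = min(same_branch) if same_branch else max(floors)
    return "patched" if key >= floor else "vulnerable"

def audit(inventory):
    """Return (host, product, version, status) for every device not known patched."""
    rows = [(h, p, v, status(p, v)) for h, p, v in inventory]
    return [r for r in rows if r[3] != "patched"]

# Constructed sample inventory (hosts and versions are made up for illustration).
SAMPLE = [
    ("10.0.0.2", "airmax-m", "5.5.6"),
    ("10.0.0.3", "airmax-m", "5.5.10u2"),
    ("10.0.0.4", "airmax-m", "5.6.1"),
    ("10.0.0.5", "airmax-ac", "7.1.3"),
    ("10.0.0.6", "airfiber-af5x", "3.0.2"),
    ("10.0.0.7", "edgerouter", "1.8.0"),
]

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(*row)
```

Devices reported as "unknown" are not in the advisory's list or have a version string the parser does not recognise, so they need a manual check rather than being treated as safe.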

KG6JEI
See here:
http://www.aredn.org/content/virus-vulnerability

Does not affect nodes once loaded with AREDN, only devices running AIROS.
