Main Vulnerability Database SB2019020503

SB2019020503 - DDoS attack in Ubiquiti devices

Published: February 5, 2019

Security Bulletin ID SB2019020503

Severity

High

Patch available

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) DDoS attack (CVE-ID: N/A)

The vulnerability allows a remote attacker to conduct DDoS attack.

The weakness exists due to a flaw in a "discovery service" running on port 10001/UDP. A remote attacker can send small packets of 56 bytes to port 10001/UDP on Ubiquiti devices, which are reflecting and relaying the packets to a target's IP address amplified to a size of 206 bytes (amplification factor of 3.67).

Note: the vulnerability has been actively exploited since July 2018.

Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.

References

https://twitter.com/troutman/status/1090212243197870081
https://blog.rapid7.com/2019/02/01/ubiquiti-discovery-service-exposures/
https://www.us-cert.gov/ncas/alerts/TA14-017A

SB2019020503 - DDoS attack in Ubiquiti devices

Breakdown by Severity

Description

Remediation

References

Please verify you're human