// #network-equipment
3 articles
UniFi OS Bulletin 064 Post-Disclosure Forensics: Detecting Compromise on Ubiquiti Controllers
Two days after Ubiquiti published Security Bulletin 064 with three CVSS 10.0 vulnerabilities, security teams should be confirming that patches have applied and hunting for indicators of pre-patch compromise. This guide covers the specific log sources, indicators, and commands available on UniFi OS devices for detecting exploitation activity.
Ubiquiti UniFi OS Security Bulletin 064: Three CVSS 10.0 Vulnerabilities Enable Unauthenticated Full Device Compromise
Ubiquiti published Security Bulletin 064 on 22 May disclosing five CVEs in UniFi OS devices, three of which score CVSS 10.0: an improper access control flaw, a path traversal enabling arbitrary file read and write, and a command injection that provides root shell access — all exploitable without authentication from the network. Enterprise environments using UniFi Wi-Fi infrastructure must update immediately.
SonicWall EoL Highlights an Asset Management Gap: Network Equipment Lifecycle Tracking in Enterprise Environments
The SonicWall Generation 6 end-of-life situation reveals a consistent gap in enterprise asset management: network equipment EoL dates are not tracked with the same rigour as software licence renewals or server hardware refresh cycles. Organisations with accurate, proactively managed network equipment lifecycle records have a weeks-to-months advantage in responding to EoL-driven security risks.