In the last week I have had Log4J and Bash Injection attempts being reported by my Meraki MX100 from my Unifi Devices (AP's and 8 Port Switches) against the Unifi Controller.
The notices are coming from several sites (all traffic is private over VPN; no part of the system is exposed publicly to the internet). I suspect these are false alerts by Meraki, but how can I determine that 100%? Has anyone else noticed similar events?
The Controller is a Windows VM running version 6.5.55.0, which is the latest version that is patched against Log4J.
You need to contact the vendor to give you the patch for this vulnerability.
Do you have Advanced Security licenses on your MX, as IPS can block this vulnerability?
I have the Advanced Security License.
As noted above my equipment is patched against this vulnerability.
I suspect these to be false detections but am not sure how to confirm that.
Do you open port 80 for the Unifi Devices (AP's and 8 Port Switches)?
No, I stated in the original question this is all internal traffic over VPN connections. There is no external public WAN traffic allowed to the Unifi server.
The source devices - are they something you could scan with an anti-malware scanner?
I think you have done as much as you reasonably can, and it is likely to be a false positive.
The source devices are Access Points and Switches under the management of the Controller (Destination Device). Not something I can scan 😞