
Ubiquiti, go write on the board 100 times, 'I must validate input data before using it'... Update silently breaks IDS/IPS
2020-07-23 10:14

Ubiquiti's intrusion detection and prevention feature on its gateway hardware fetched a set of rules from an outside source that turned out to be broken; rather than discarding the invalid data and falling back to its known-valid rules, it simply and silently stopped working.

What should have happened is twofold: Ubiquiti should have validated the rules before distributing them to customer equipment, and the firmware on the gadgets should not have thrown away its previous rules before installing, and failing on, the latest ones.

If either step had been taken, Threat Management would have continued operating as expected, albeit using out-of-date rules.
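As an added illustration (not Ubiquiti's or Proofpoint's code, and assuming a Snort/Suricata-style rule line format), here is a rule updater that does both things the article asks for: it validates every fetched rule before accepting the feed, keeps the known-good ruleset whenever the feed fails, and swaps the on-disk file atomically so a failure mid-write can never leave the sensor with no rules at all.

```python
import os
import re
import tempfile
from typing import List, Tuple

# Minimal shape check for Snort/Suricata-style rule lines (assumed format, not Ubiquiti's loader):
# "<action> <proto> <src> <sport> -> <dst> <dport> (<options>)" with msg and sid present.
_ACTIONS = {"alert", "drop", "pass", "reject", "log"}
_HEADER = re.compile(r"^(\w+)\s+\w+\s+\S+\s+\S+\s+(->|<>)\s+\S+\s+\S+\s+\((.*)\)\s*$")

def validate_rule(line: str) -> bool:
    """True if a single rule line is loadable: known action, msg option, numeric sid."""
    m = _HEADER.match(line.strip())
    if not m or m.group(1) not in _ACTIONS:
        return False
    return "msg:" in m.group(3) and re.search(r"\bsid:\s*\d+\s*;", m.group(3)) is not None

def validate_ruleset(text: str) -> Tuple[List[str], List[str]]:
    """Split a fetched feed into (good, bad) rules; blank lines and comments are skipped."""
    good, bad = [], []
    for line in text.splitlines():
        if line.strip() and not line.lstrip().startswith("#"):
            (good if validate_rule(line) else bad).append(line)
    return good, bad

def apply_update(current: List[str], fetched: str) -> Tuple[List[str], str]:
    """Swap in the fetched ruleset only if every rule validates; otherwise keep the known-good set."""
    good, bad = validate_ruleset(fetched)
    if bad or not good:
        return current, f"rejected feed ({len(bad)} invalid rules); keeping {len(current)} known-good rules"
    return good, f"installed {len(good)} rules"

def write_ruleset_atomically(path: str, rules: List[str]) -> None:
    """Write a temp file beside the target and rename over it, so the old file survives any failure mid-write."""
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(path) or ".", prefix=".rules-")
    with os.fdopen(fd, "w") as f:
        f.write("\n".join(rules) + "\n")
        f.flush()
        os.fsync(f.fileno())
    os.replace(tmp, path)

# Constructed sample data: one known-good rule, a valid feed, and a feed whose last rule lacks a sid.
CURRENT_RULES = ['alert tcp any any -> any 80 (msg:"constructed: old good rule"; sid:1000001; rev:1;)']
GOOD_FEED = ('alert tcp any any -> any 80 (msg:"constructed: rule A"; sid:1000001; rev:2;)\n'
             'drop tcp any any -> any 443 (msg:"constructed: rule B"; sid:1000002; rev:1;)\n')
BROKEN_FEED = GOOD_FEED + 'alert tcp any any -> any 22 (msg:"constructed: no sid")\n'

if __name__ == "__main__":
    print(apply_update(CURRENT_RULES, BROKEN_FEED)[1])
```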

"You are not currently protected from the rules ... The rules coming from Proofpoint aren't validated and are then distributed to all users. The lack of rule validation on the update scripts results in bad rules being loaded."

He then followed up: "The issue is resolved. The IPS/IDS auto-update rules daily, so it should fix itself. However, if you want to make this faster, please feel free to disable/enable IPS/IDS via GUI or manually update rules via SSH."


News URL

https://go.theregister.com/feed/www.theregister.com/2020/07/23/ubiquiti_borked_by_rules/