Log4j vulnerability – information about affected products from our vendors
Attackers can execute arbitrary code via a critical zero-day vulnerability called Log4Shell in the widely used Java logging library Log4j. The German Federal Office for Information Security (BSI) rates the risk posed by the vulnerability on the so-called CVSS scale at 10, the highest possible value.
Therefore, we would like to provide you with the necessary information about affected products below.
According to current knowledge, the following products are not affected by the vulnerability:
Pexip – https://www.pexip.com/blog1.0/pexip-statement-on-log4j-vulnerability
- VCS / Expressway
- Video endpoints
Poly – https://support.polycom.com/content/support/security-center.html (PLYGN21-08)
- Video endpoints of X- and G7500 series
As of now, no manufacturer offers patched software or workarounds. It must be assumed that devices that can be reached from the Internet have already been compromised.
We recommend that devices directly accessible from the Internet be isolated by firewalls or shut down until patches are available. Before doing so, you should create a backup of the configuration.
If you need our assistance in assessing the situation or have any queries, please feel free to contact us at firstname.lastname@example.org.
Please note that in this article we will only discuss the products we sell and operate and not the full range of products offered by the manufacturers.