Log4j vulnerability – information about affected products from our vendors

Attackers can execute arbitrary code via a critical zero-day vulnerability called Log4Shell in the widely used Java logging library Log4j. The German Federal Office for Information Security (BSI) rates the risk posed by the vulnerability on the so-called CVSS scale at 10, the highest possible value.

Therefore, we would like to provide you with the necessary information about affected products below.


The following products are currently confirmed to be affected:

Poly – https://support.polycom.com/content/support/security-center.html (PLYGN21-08)

  • DMA Edge
  • DMA Core
  • possibly also RPAD

Cisco – https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd

  • CUCM (Version 11.5(1)SU7 – 11.5(1)SU10)
  • CUPS (Version 11.5(1)SU7 – 11.5(1)SU10)
  • Unity Connection (Version 11.5(1)SU7 – 11.5(1)SU10)
  • Contact Center
  • SIP Proxy

According to current knowledge, the following products are not affected by the vulnerability:

Pexip – https://www.pexip.com/blog1.0/pexip-statement-on-log4j-vulnerability

  • Infinity Platform

Logitech

  • MTR System

Crestron

  • MTR System

Cisco

  • VCS / Expressway
  • CMS
  • Video endpoints
  • TMS

Poly – https://support.polycom.com/content/support/security-center.html (PLYGN21-08)

  • Video endpoints of the X and G7500 series

As of now, no manufacturer offers patched software or workarounds. It must be assumed that devices that can be reached from the Internet have already been compromised.

We recommend that devices directly accessible from the Internet be isolated by firewalls or shut down until patches are available. Before doing so, you should create a backup of the configuration.

If you need our assistance in assessing the situation or have any queries, please feel free to contact us at support@mvc.de.

Please note that in this article we will only discuss the products we sell and operate and not the full range of products offered by the manufacturers.