Accessibilité Passer au contenu
Identifiant de l'article: 000063932
Date de dernière modification: 12/17/2021
Access Level: Public

Security Advisory Poly Systems – Apache Log4j

Data Published: 12/13/2021 Advisory ID: PLYGN21-08 CVE ID: CVE-2021-44228 CVSS Score:10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H


 
Vulnerability Summary A critical remote command execution (RCE) vulnerability in Apache Log4j (CVE-2021- 44228) was publicly disclosed on December 9th, 2021. Apache has released a patch for vulnerable versions. Upon notice of the vulnerability, Poly's incident response process was initiated and we have been conducting a thorough investigation to determine the potential exposure of Poly products and services to this vulnerability. The internal assessment conducted manual and automated reconnaissance of all currently supported Poly products to identify potentially vulnerable products. This investigation also included testing potentially vulnerable products for exploitation viability. This effort is a top priority and we will continue to update this advisory as more information is available with information about affected products. Please note that this is an ongoing investigation and information related to any product or service may change as we continue the investigation. Any product not listed is still under investigation.   Please visit the Security Center for the latest Advisory and to continue reading: https://support.polycom.com/content/support/security-center.html


KB(47829)