threatindexblog.jpg

Infoblox NIOS and BloxOne products not vulnerable to CVE-2021-44228

Jan 7, 2021Knowledge
 

Summary:

 

Recently, a critical vulnerability related to Log4j was identified under CVE-2021-44228. This vulnerability allows attackers to send and execute code remotely. Additional Log4j vulnerabilities have since been identified: CVE-2017-5645, CVE-2019-17571, CVE-2020-9488, CVE-2021-4104, CVE-2021-45046, CVE-2021-45105, and CVE-2021-44832.

 

CVSS:3.0 10.0

 

Overview and Impact:

 

CVE-2021-44228 is the designation for this vulnerability and affects Log4j2 2.0-beta9 through 2.12.1 and 2.13.0 through 2.15.0 JNDI features. 

 

Upgrading to version 2.17 is the recommended remediation based on CVE-2021-45105.

 

Confirmed Not Impacted 

 

  • NIOS 8.4.x, 8.5.x, 8.6.x
    • Additionally, current FIPS and Common Criteria releases are also not impacted
  • BloxOne Products
    • BloxOneDDI
    • BloxOne Threat Defense

Affected

 

  • Patches for the following NetMRI versions have been released:
    • V7.3.X-NETMRI-34930
    • V7.4.X-NETMRI-34930
    • V7.5.X-NETMRI-34930

Workaround: 

 

  • Apply NetMRI hotfix, if AutoUpdate feature is not enabled.

 

Resolution: 

 

No action is required for NIOS or BloxOne products identified above.

 

 



Showing results for 
Search instead for 
Did you mean: