SSO Login is being implemented on this site. Existing users: Your existing password must be reset the first time you login using SSO. Click here to reset your password first before login. Your new username will be your email.

Trending KB Articles

threatindexblog.jpg

Infoblox NIOS and BloxOne products not vulnerable to CVE-2021-44228

Jan 7, 2021Knowledge
 

Summary:

 

Recently, a critical vulnerability related to Log4j was identified under CVE-2021-44228. This vulnerability allows attackers to send and execute code remotely. Additional Log4j vulnerabilities have since been identified: CVE-2017-5645, CVE-2019-17571, CVE-2020-9488, CVE-2021-4104, CVE-2021-45046, CVE-2021-45105, and CVE-2021-44832.

 

CVSS:3.0 10.0

 

Overview and Impact:

 

CVE-2021-44228 is the designation for this vulnerability and affects Log4j2 2.0-beta9 through 2.12.1 and 2.13.0 through 2.15.0 JNDI features. 

 

Upgrading to version 2.17 is the recommended remediation based on CVE-2021-45105.

 

Confirmed Not Impacted 

 

  • NIOS 8.4.x, 8.5.x, 8.6.x
    • Additionally, current FIPS and Common Criteria releases are also not impacted
  • BloxOne Products
    • BloxOneDDI
    • BloxOne Threat Defense

Affected

 

  • Patches for the following NetMRI versions have been released:
    • V7.3.X-NETMRI-34930
    • V7.4.X-NETMRI-34930
    • V7.5.X-NETMRI-34930

Workaround: 

 

  • Apply NetMRI hotfix, if AutoUpdate feature is not enabled.

 

Resolution: 

 

No action is required for NIOS or BloxOne products identified above.

 

 



Showing results for 
Search instead for 
Did you mean: