|
Vulnerability of handshake traffic on Wi-Fi Protected Access II (WPA2)
Allied Telesis K.K.
Release 2021.12.16
Updated 2022.06.15
Japanese Page (日本語ページ) >
Apache Log4j vulnerability
Allied Telesis products do not have the below vulnerability.
1) Summary
A high severity vulnerability, CVE-2021-44228, has been reported in Apache Log4j, a popular Java logging package.
Apache Log4j2 Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attack.
2) Affected Products
None.
3) Detail
Allied Telesis products do not implement Apache Log4j or implement Apache Log4j,
but they are not affected by this vulnerability.
Therefore all our products are safe from this vulnerability.
■ Not implement Apache Log4j
- All AlliedWarePlus products
- Non AlliedWarePlus switches
- Non AlliedWarePlus routers
- AT-VST-APL, AT-VST-VRT
- AlliedView NMS Standard Edition
- All wireless products
- AT-SESC, AMF Security
- All media converter products
■ Apache Log4j library is installed, but it is the fixed version
- AT-Vista Manager EX Ver.3.9.0 and newer
■ The affected version of the Apache Log4j library is installed, but not used
- AT-Vista Manager EX Ver.3.0.3 - Ver.3.8.0
■ The affected version of the Apache Log4j library is installed and used limitedly,
but implemented so as not to be affected by this vulnerability
- AT-Vista Manager EX Ver.3.0.2 and older
Note: The Ver.3.0.2 and older version are no longer supported.
|
