Sherbrooke, Canada – December 14th, 2021.
A major security flaw in the Apache Log4j Java library was recently identified, allowing users to bypass the security measures in place. The relative ease of this exploit creates potential conditions for far-reaching exploitation (similar to Shellshock).
Aware of the significance of the issue, M5 technologies investigated the exploit and analyzed its source code for vulnerabilities. Fortunately, Mediatrix gateways, ATAs and SBCs, and M5T SDKs do not use the impacted Apache Log4j Java library and, therefore, are not vulnerable to the Log4Shell exploit.
Impact on Mediatrix customers
As the Sentinel 400 allows a Virtual Machine (VM) that could be using the affected Java library to be installed on the system, customers using a VM licence are advised to ensure that the services installed are safe and that the VM itself is protected from any form of malicious attacks.
Apache website – Security update
SharkStriker website – Issues update
CVE-2021-44228 – Vulnerability initial disclosure
ABOUT M5 TECHNOLOGIES
M5 Technologies is a Sherbrooke, Quebec, based global supplier of multimedia communication solutions, well-known for its reliable, carrier-grade Mediatrix gateways. With a focus on innovation and excellence in customer support, M5 Technologies delivers highly adaptive hardware and software components for business multimedia communications and collaboration. M5 Technologies is present worldwide with local representatives in North and Latin America, Europe, and the Middle East.