M5 Technologies’ statement on Log4Shell vulnerability

Sherbrooke, Canada – December 14th, 2021. 

A major security flaw in the Apache Log4j Java library was recently identified, allowing users to bypass the security measures in place. The relative ease of this exploit creates potential conditions for far-reaching exploitation (similar to Shellshock).

Aware of the significance of the issue, M5 technologies investigated the exploit and analyzed its source code for vulnerabilities. Fortunately, Mediatrix gateways, ATAs and SBCs, and M5T SDKs do not use the impacted Apache Log4j Java library and, therefore, are not vulnerable to the Log4Shell exploit.

 

Impact on Mediatrix customers

As the Sentinel 400 allows a Virtual Machine (VM) that could be using the affected Java library to be installed on the system, customers using a VM licence are advised to ensure that the services installed are safe and that the VM itself is protected from any form of malicious attacks.

 

References

Apache website – Security update

SharkStriker website – Issues update

CVE-2021-44228 – Vulnerability initial disclosure

 

ABOUT M5 TECHNOLOGIES

M5 Technologies is a Sherbrooke, Quebec, based global supplier of multimedia communication solutions, well-known for its reliable, carrier-grade Mediatrix gateways. With a focus on innovation and excellence in customer support, M5 Technologies delivers highly adaptive hardware and software components for business multimedia communications and collaboration. M5 Technologies is present worldwide with local representatives in North and Latin America, Europe, and the Middle East.

Use the following links to learn more about M5T Products and Solutions!