Apache Log4j2 Vulnerability

Log4Shell” is a major security flaw that is exploited due to a particular line of code in the Apache Software Foundation (ASF) Log4J package, a widely used open-source Java logging utility. Though there appears to be little to no risk with the software products installed on Clear Cube Technology devices, we have below you will find statements from two of our primary device OS providers, Stratodesk (aka “Clear Cube Cloud OS”) and Teradici.

The Clear Cube Support team is available to answer your questions and talk you through the process of updating your devices or management console software to the latest Stratodesk NoTouch Center 4.5.231, as appropriate. You can reach our Support team by:

Going to www.clearcube.com

Email us at support@clearcube.com, or

Call us at 866-652-3400

*************************************************************************

From Stratodesk:

unnamed

In an effort to swiftly prevent any security issues for Stratodesk customers, we released Stratodesk NoTouch Center 4.5.231 on Saturday, December 11, 2021. This version and any future versions contain the updated, unsusceptible Log4J 2.15.0 (or newer) version. In a properly up to date Stratodesk Virtual Appliance, it seems the malicious Remote Code Execution is actually not possible because we use Java version 11.0.x, which has the malicious code disabled by default. Nevertheless, Stratodesk strongly recommends to update to Stratodesk NoTouch Center 4.5.231.

Stratodesk NoTouch OS does not use Log4J at all; furthermore a Stratodesk Virtual Appliance in Cloud Xtension mode also doesn’t use Log4J.

Another quick mitigation, regardless of your subscription status, is to update the Stratodesk Virtual Appliance to 1.0-657 as it will use a mitigation technique based on the Log4J.formatMsgNoLookups=true setting. In other words, if you don’t want to update Stratodesk NoTouch Center right away, please ensure you are running 1.0-657 as per “Updating the Stratodesk Virtual Appliance Software (KB).” Again, this is an alternate quick, easy and available solution regardless of your subscription status.

*************************************************************************

From Teradici:

unnamed 1

In response to concerns about Log4Shell/LogJam (CVE-2021-44228) we have reviewed our products and at this time have not identified an available exploit against them. Please visit HP Teradici Security Bulletin here: https://support.hp.com/us-en/document/ish_5268006

Item added to cart.
0 items - $0.00

This website uses cookies to improve your experience.
See our Privacy Policy to learn more.