Tecom products affected: NONE
On December 9, Apache confirmed a new zero-day vulnerability impacting the Apache Log4j utility.
Apache Log4j Zero-day Remote Code Execution (RCE) Vulnerability (CVE-2021-44228) allows a remote attacker to take control of an affected system and is widely used throughout many products in the technology sector. Apache have already released a patch to resolve this issue and provided advice on upgrading to Log4j v2 on affected systems. For additional details about this vulnerability, affected versions and solutions, please reference the Apache Logging Services alert.
The local Tecom engineering team have completed an audit of our hardware and software products, and we are able to confirm that there are no products in the Tecom range which are affected by this vulnerability.
Products confirmed to be unaffected and therefore safe from this threat include all of our current software products (TecomC4, WMS, CTPlus, and Forcefield), all Tecom Challenger hardware (Challenger10, ChallengerPlus, Network Access Controller, and all accessories), as well as our legacy software products (Security Commander, and Titan).
Whilst our products have been confirmed to be safe from this vulnerability, we would urge customers using any 3rd party integrations to our products to check with the relevant manufacturers around whether these integrations are affected.