mirror of
https://github.com/cisagov/log4j-affected-db.git
synced 2024-11-23 00:50:48 +00:00
Merge pull request #167 from santosomar/patch-1
Updating Cisco Products
This commit is contained in:
commit
3117d01119
1 changed files with 5 additions and 3 deletions
|
@ -4,7 +4,7 @@ This repository provides CISA's guidance and an overview of related software
|
||||||
regarding the Log4j vulnerability (CVE-2021-44228). CISA encourages users and
|
regarding the Log4j vulnerability (CVE-2021-44228). CISA encourages users and
|
||||||
administrators to review the
|
administrators to review the
|
||||||
[official Apache release](https://logging.apache.org/log4j/2.x/security.html)
|
[official Apache release](https://logging.apache.org/log4j/2.x/security.html)
|
||||||
and upgrade to Log4j 2.16.0 or apply the recommended mitigations immediately.
|
and upgrade to Log4j 2.15.0 or apply the recommended mitigations immediately.
|
||||||
|
|
||||||
The information in this repository is provided "as is" for informational
|
The information in this repository is provided "as is" for informational
|
||||||
purposes only and is being assembled and updated by CISA through
|
purposes only and is being assembled and updated by CISA through
|
||||||
|
@ -23,8 +23,11 @@ or imply their endorsement, recommendation, or favoring by CISA.
|
||||||
|
|
||||||
## CISA Current Activity Alerts ##
|
## CISA Current Activity Alerts ##
|
||||||
|
|
||||||
|
- [Apache Releases Log4j Version 2.15.0 to Address Critical RCE Vulnerability Under Exploitation](https://www.cisa.gov/uscert/ncas/current-activity/2021/12/10/apache-releases-log4j-version-2150-address-critical-rce)
|
||||||
- [CISA Creates Webpage for Apache Log4j Vulnerability CVE-2021-44228](https://www.cisa.gov/uscert/ncas/current-activity/2021/12/13/cisa-creates-webpage-apache-log4j-vulnerability-cve-2021-44228)
|
- [CISA Creates Webpage for Apache Log4j Vulnerability CVE-2021-44228](https://www.cisa.gov/uscert/ncas/current-activity/2021/12/13/cisa-creates-webpage-apache-log4j-vulnerability-cve-2021-44228)
|
||||||
|
|
||||||
|
National Vulnerability Database (NVD) Information: [CVE-2021-44228](https://nvd.nist.gov/vuln/detail/CVE-2021-44228)
|
||||||
|
|
||||||
## Mitigation Guidance ##
|
## Mitigation Guidance ##
|
||||||
|
|
||||||
CISA urges organizations operating products marked as "Fixed" to immediately
|
CISA urges organizations operating products marked as "Fixed" to immediately
|
||||||
|
@ -39,8 +42,6 @@ implement alternate controls, including:
|
||||||
- Ensure that any alerts from a vulnerable device are immediately actioned.
|
- Ensure that any alerts from a vulnerable device are immediately actioned.
|
||||||
- Report incidents promptly to CISA and/or the FBI [here](https://www.cisa.gov/uscert/report).
|
- Report incidents promptly to CISA and/or the FBI [here](https://www.cisa.gov/uscert/report).
|
||||||
|
|
||||||
National Vulnerability Database (NVD) Information: [CVE-2021-44228](https://nvd.nist.gov/vuln/detail/CVE-2021-44228)
|
|
||||||
|
|
||||||
## Status Descriptions ##
|
## Status Descriptions ##
|
||||||
|
|
||||||
| Status | Description |
|
| Status | Description |
|
||||||
|
@ -333,6 +334,7 @@ This list was initially populated using information from the following sources:
|
||||||
| Cisco | Cisco DNA Assurance | | Under Investigation | | [Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd) | | | |
|
| Cisco | Cisco DNA Assurance | | Under Investigation | | [Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd) | | | |
|
||||||
| Cisco | Cisco DNA Center | | Under Investigation | | [Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd) | | | |
|
| Cisco | Cisco DNA Center | | Under Investigation | | [Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd) | | | |
|
||||||
| Cisco | Cisco DNA Spaces | | Under Investigation | | [Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd) | | | |
|
| Cisco | Cisco DNA Spaces | | Under Investigation | | [Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd) | | | |
|
||||||
|
| Cisco | DUO network gateway (on-prem/self-hosted) | | Under Investigation | | | | | |
|
||||||
| Cisco | Cisco Elastic Services Controller (ESC) | | Under Investigation | | [Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd) | | | |
|
| Cisco | Cisco Elastic Services Controller (ESC) | | Under Investigation | | [Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd) | | | |
|
||||||
| Cisco | Cisco Emergency Responder | | Under Investigation | | [Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd) | | | |
|
| Cisco | Cisco Emergency Responder | | Under Investigation | | [Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd) | | | |
|
||||||
| Cisco | Cisco Enterprise Chat and Email | | Under Investigation | | [Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd) | | | |
|
| Cisco | Cisco Enterprise Chat and Email | | Under Investigation | | [Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd) | | | |
|
||||||
|
|
Loading…
Reference in a new issue