Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Log4j - Log4Shell Critical 10/10 vulnerbility 11

Status
Not open for further replies.
The only effected releases are R11.0.4.1-R11.0.4.6 and R11.1, R11.1.1, and R11.1.2. If they are running earlier releases they are not effected and do not need a patch. If you have R11.0.4.X you need to upgrade to R11.0.4.6 to patch and if running R11.1 need to get to R11.1.2 to patch. Avaya just released a PSN on this yesterday PSN# PSN005946u

The truth is just an excuse for lack of imagination.
 
 https://files.engineering.com/getfile.aspx?folder=dd500f86-7a2f-44c8-b315-f361d4b3cc3c&file=PSN_Log4j2.pdf
critchey: Thank you. All my customers are on R11.1.0.1.0 Build 95 - Some are just the IPO on essential edition, I am assuming those do not need to be patched, only UCM/App Servers. Do I need to load the one-x patch if none of my customers are using one-x? If so, do I load (oneXportal-11.1.2001-90.rpm) or (oneXportal-11.1.2001-90.rpm.SHA256) ?

ACSS
 
PSN is removed at this moment.
 
According to the PSN the IP 500 V2 is not effected directly only Media Manager, One-X Portal, WebRTC and Web Collabs are effected. If you are not using any of these applications you do not need to upgrade.

"The IP Office applications: one-X Portal (Windows and Linux), Media Manager, WebRTC Gateway and Web Collaboration are
impacted by the Log4j vulnerability CVE-2021-44228 only.

This issue does not affect IP Office Basic Edition, Essential Edition, Branch deployments or IP Office Powered By Containers.
Preferred Edition without any of the vulnerable applications active is also not affected."

The truth is just an excuse for lack of imagination.
 
critchey: Well that will save me alot of time. I got my ASBCE patched, looks like all I will need to do. Only application I use is IX Workplace.

ACSS
 
To be safe you should disable OneX Portal, Media Manager, WebRTC Gateway and Web Collaboration. OneX Portal and WebRTC Gateway are usually enabled.

Don't feel safe if those services are not available from the outside because worms will come soon that infect unpatched public available devices and jump over to other devices then.

IP Office remote service
IP Office certificate check
CLI based call blocking
SCN fallback over PSTN
 
@jallen2020 thank you for proving that out over the SIP interface! This was the exact discussion I had with my team. You rock.

I am not able to get the patch for ASBCE 8.1.2 (or any of the older hotfixes prior to the newest from 12/21) Anyone have a workaround?

Anyone patched their SBC? Even though the management interface isn't exposed it gives me the willies so I want to patch asap. Thanks everyone for their comments in here, great place to come for IPO experts!
 
Anyone else having trouble downloading anything from the Avaya Support site? I can't load support documents or PSNs.

Cheers,
BFG9K
Avaya IPO/ACCS Technician
Melbourne, Australia
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top