
Log4j - Log4Shell Critical 10/10 vulnerability

Status
Not open for further replies.
The only affected releases are R11.0.4.1-R11.0.4.6 and R11.1, R11.1.1, and R11.1.2. If they are running earlier releases they are not affected and do not need a patch. If you have R11.0.4.X you need to upgrade to R11.0.4.6 to patch and if running R11.1 need to get to R11.1.2 to patch. Avaya just released a PSN on this yesterday, PSN# PSN005946u.

The truth is just an excuse for lack of imagination.
 
 https://files.engineering.com/getfile.aspx?folder=dd500f86-7a2f-44c8-b315-f361d4b3cc3c&file=PSN_Log4j2.pdf
critchey: Thank you. All my customers are on R11.1.0.1.0 Build 95 - Some are just the IPO on essential edition, I am assuming those do not need to be patched, only UCM/App Servers. Do I need to load the one-x patch if none of my customers are using one-x? If so, do I load (oneXportal-11.1.2001-90.rpm) or (oneXportal-11.1.2001-90.rpm.SHA256) ?

ACSS
 
PSN is removed at this moment.
 
According to the PSN the IP 500 V2 is not affected directly; only Media Manager, One-X Portal, WebRTC and Web Collabs are affected. If you are not using any of these applications you do not need to upgrade.

"The IP Office applications: one-X Portal (Windows and Linux), Media Manager, WebRTC Gateway and Web Collaboration are impacted by the Log4j vulnerability CVE-2021-44228 only.

This issue does not affect IP Office Basic Edition, Essential Edition, Branch deployments or IP Office Powered By Containers.
Preferred Edition without any of the vulnerable applications active is also not affected."

The truth is just an excuse for lack of imagination.
 
critchey: Well, that will save me a lot of time. I got my ASBCE patched, looks like all I will need to do. Only application I use is IX Workplace.

ACSS
 
To be safe you should disable OneX Portal, Media Manager, WebRTC Gateway and Web Collaboration. OneX Portal and WebRTC Gateway are usually enabled.

Don't feel safe if those services are not available from the outside, because worms will come soon that infect unpatched publicly available devices and then jump over to other devices.

IP Office remote service
IP Office certificate check
CLI based call blocking
SCN fallback over PSTN
 
@jallen2020 thank you for proving that out over the SIP interface! This was the exact discussion I had with my team. You rock.

I am not able to get the patch for ASBCE 8.1.2 (or any of the older hotfixes prior to the newest from 12/21). Anyone have a workaround?

Anyone patched their SBC? Even though the management interface isn't exposed it gives me the willies so I want to patch asap. Thanks everyone for their comments in here, great place to come for IPO experts!
 
Anyone else having trouble downloading anything from the Avaya Support site? I can't load support documents or PSNs.

Cheers,
BFG9K
Avaya IPO/ACCS Technician
Melbourne, Australia
 