On December 9th, a severe vulnerability in the Apache Log4j 2 utility was discovered and published. The vulnerability is extremely wide-ranging given the widespread use of the Java-based logging library. PacketFabric has ensured that our products and services are not affected by the Log4Shell vulnerability.
PacketFabric reacted immediately by conducting a detailed investigation across our entire enterprise architecture, including critical third parties. The investigation found no evidence of compromise in any PacketFabric systems or products, and found no paths by which vulnerable software was exposed to potential compromise. Within 72 hours, PacketFabric engineers had ensured that any software in our infrastructure that made use of Log4j 2 was patched to updated versions.
On December 14th, a second and related vulnerability was discovered in the same library. PacketFabric’s engineers again patched instances of the Log4j library to updated versions. We have taken further steps to block any potential attacks at the network level.
PacketFabric continues to monitor and work with our critical third parties on their response to this vulnerability, and at this point all have reported that they are unaffected by and safe from these vulnerabilities.
More information on these vulnerabilities and protecting against them can be found here:
https://nvd.nist.gov/vuln/detail/CVE-2021-44228
https://nvd.nist.gov/vuln/detail/CVE-2021-45046