Posted on December 13, 2021 by Fusion Connect Security Team
On Friday, December 10th, a critical vulnerability was publicly disclosed in the open-source logging library Log4j. According to the recent statement by the Cybersecurity and Infrastructure Security Agency (CISA) the critical vulnerability is affecting log4j versions 2.0-beta9 to 2.14.1 and allows unauthenticated remote code execution by adversaries.
It is a significant and widespread vulnerability was disclosed in a technology that is foundational in many software products. Any web user could be affected.
Fusion Connect has been assessing all internal and customer-facing systems to ensure appropriate measures to remediate this vulnerability. Additionally, we will continuously monitor any malicious activity associated with this vulnerability.
What should Fusion Connect customers do?
According to CISA, you need to take steps to secure your software and devices. Please review their instructions here: https://www.meritalk.com/articles/cisa-urges-quick-action-on-log4j-critical-vulnerability/.