On 8 December 2021, a critical vulnerability was discovered in Apache Log4j, known as Log4Shell.
What is Log4j?
It is a piece of free, open-source software used by a number of business applications.
What does this mean?
This means that some business systems are more vulnerable to cyber-attacks in the form of malware and ransomware.
Who is affected?
We are working closely with our partners and suppliers to investigate where the vulnerabilities may be, and carrying out remedial works.
Please see below for updates from a number of our partners regarding which products maybe affected. Note: all our core hardware is secure.
Avaya affected systems:
- Avaya IP Office V11 and above
- Avaya Session border controller V8 and above
- Avaya Contact Centre (ACCS)
- Avaya Session Manager
- Avaya provided a fix which Excell has actioned. Most Excell systems have had the approved patch applied, the remaining should be complete by 24 December.
- Further information can be found on the Avaya website.
- iPECS Cloud have confirmation from Ericsson-LG that the iPECS Cloud applications do not use Log4j and are therefore not at risk
- Mitel MiVoice Office 250 (unaffected)
- Mitel MiVoice Business 3300 (unaffected)
- Mitel MiCollab pre 7.0 (unaffected)
- Mitel MiCollab 7.1-9.4 – vulnerable – Excell has been implementing the vendors recommended fix. Over 80% of the vulnerable systems have been updated and the remaining systems will be updated within the next 48 hours.
- Further information can be found on the Mitel website
- The Soluno operations team took immediate action upon its release to remediate the vulnerability on potentially affected systems.
- They will continue monitoring the information regarding this issue and are also in regular contact with Telepo’s Security and Compliance team. If there are any updates to address vulnerabilities connected to log4j 2, these fixes are deemed crucial and therefore will be applied although Soluno’s network freeze is in effect.