There is another critical vulnerability sweeping the IT world.

A flaw in log4j, a Java library for logging messages in applications, could allow for remote code execution by a bad actor. Any device that is running log4j and exposed to the Internet is at risk. Many hardware and software manufacturers utilize the log4j library, and they are continuing to investigate the impact to their systems and develop patches to fix the flaw.

CTComp is continuing to monitor the communications from the manufacturers we work with to stay abreast of the situation as well.

  • The monitoring and management tools CTComp uses on our customers’ networks (Kaseya VSA and ConnectWise Control / ScreenConnect) are not affected by this vulnerability.
  • Cisco has confirmed that their Meraki MX firewalls, ASA firewalls, and FTD firewalls with Firepower Management Center are not affected by this vulnerability. FTD firewalls with Firepower Device Manager are affected by the vulnerability, but Cisco has not released any mitigating workarounds or patches. Once Cisco does release a patch or workaround, CTComp will reach out to applicable customers.
  • Citrix has confirmed that their NetScaler ADC / Citrix Gateway appliances are not affected by this vulnerability.
  • VMWare’s UAG appliance, used for remote access to Horizon VDI deployments, is affected by this vulnerability. CTComp is currently in the process of notifying and working with customers who have a UAG to apply mitigation steps from VMWare.

If you have any questions, please feel free to reach out to service@ctcomp.com.

For more information, read this article on log4j vulnerability from Gartner.