===========================================================================
ZMCIRT Vulnerability Bulletin
ZMC-2021.12.24.1700
UPDATE Cisco Products: Multiple vulnerabilities
24th December 2021
===========================================================================
Product: Cisco Products
Publisher: Cisco Systems
Operating System: Cisco
Impact/Access: Execute Arbitrary Code/Commands -- Remote/Unauthenticated
Denial of Service -- Remote/Unauthenticated
Resolution: Patch/Upgrade
CVE Names: CVE-2021-45105 CVE-2021-45046 CVE-2021-44228
Reference: ASB-2021.0244.5
ESB-2021.4186.3
Original Bulletin:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd
Revision History: December 21 2021: Vendor updated vulnerable products list and products confirmed not vulnerable
December 20 2021: Vendor updated the advisory with additional CVEs and vulnerable products
December 15 2021: Vendor updated vulnerable products
December 14 2021: Vendor updated vulnerable products
December 14 2021: Vendor updated vulnerable products
December 13 2021: Initial Release
- --------------------------BEGIN INCLUDED TEXT--------------------
Vulnerabilities in Apache Log4j Library Affecting Cisco Products: December 2021
Priority: Critical
Advisory ID: cisco-sa-apache-log4j-qRuKNEbd
First Published: 2021 December 10 18:45 GMT
Last Updated: 2021 December 20 20:29 GMT
Version 1.24: Interim
Workarounds: No workarounds available
Cisco Bug IDs: CSCwa47342
CVE Names: CVE-2021-44228 CVE-2021-45046
CWEs: CWE-20 CWE-502
Summary
o Critical Vulnerabilities in Apache Log4j Java Logging Library
On December 9, 2021, the following critical vulnerability in the Apache
Log4j Java logging library affecting all Log4j2 versions earlier than
2.15.0 was disclosed:
CVE-2021-44228: Apache Log4j2 JNDI features do not protect against
attacker controlled LDAP and other JNDI related endpoints
On December 14, 2021, the following critical vulnerability, which affects
certain Apache Log4j use cases in versions 2.15.0 and earlier, was
disclosed:
CVE-2021-45046: Apache Log4j2 Thread Context Message Pattern and
Context Lookup Pattern vulnerable to a denial of service attack
On December 18, 2021, a vulnerability in the Apache Log4j component
affecting versions 2.16 and earlier was disclosed:
CVE-2021-45105: Apache Log4j2 does not always protect from infinite
recursion in lookup evaluation
For a description of these vulnerabilities, see the Apache Log4j Security
Vulnerabilities page.
Cisco's Response to These Vulnerabilities
Cisco continues to assess all products and services for impact from both
CVE-2021-44228 and CVE-2021-45046. To help detect exploitation of these
vulnerabilities, Cisco has released Snort rules at the following location:
Talos Rules 2021-12-17
Product fixes that are listed in this advisory will address both
CVE-2021-44228 and CVE-2021-45046 unless otherwise noted.
Cisco is reviewing CVE-2021-45105 to determine what impact it may have on
Cisco products and cloud offerings and will provide upgrades for affected
products.
This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd
Affected Products
o Cisco is investigating its product line to determine which products may be
affected by these vulnerabilities. As the investigation progresses, Cisco
will update this advisory with information about affected products.
This advisory only lists Cisco products and services that are known to
include the impacted software component and thus may be vulnerable.
Products and services that do not contain the impacted software component
are not vulnerable and therefore are not listed in this advisory. Any Cisco
product or service that is not explicitly listed in the Affected Products
section of this advisory is not affected by the vulnerability or
vulnerabilities described. Because this is an ongoing investigation, be
aware that products that are currently considered not vulnerable may
subsequently be considered vulnerable as additional information becomes
available.
The Vulnerable Products section includes Cisco bug IDs for each affected
product. The bugs are accessible through the Cisco Bug Search Tool and
contain additional platform-specific information, including workarounds (if
available) and fixed software releases.
Products Under Investigation
At this time, there are no products under active investigation. Cisco
continues to monitor this situation and will update this document as
information becomes available.
Vulnerable Products
Cisco is investigating its product line to determine which products may be
affected by these vulnerabilities. This section will be updated as
information is available.
The following table lists Cisco products that are affected by one or both
of the vulnerabilities that are described in this advisory. If a future
release date is indicated for software, the date provided represents an
estimate based on all information known to Cisco as of the Last Updated
date at the top of the advisory. Availability dates are subject to change
based on a number of factors, including satisfactory testing results and
delivery of other priority features and fixes. If no version or date is
listed for an affected component (indicated by a blank field and/or an
advisory designation of Interim), Cisco is continuing to evaluate the fix
and will update the advisory as additional information becomes available.
After the advisory is marked Final, customers should refer to the
associated Cisco bug(s) for further details.
Product Cisco Bug Fixed Release
ID Availability
Collaboration and Social Media
CWMS-3.0MR4SP3 patch (21
Dec 2021)
CWMS-4.0MR4SP3 patch (21
Cisco Webex Meetings Server CSCwa47283 Dec 2021)
CWMS-3.0MR4SP2 patch (14
Dec 2021)
CWMS-4.0MR4SP2 patch (14
Dec 2021)
Endpoint Clients and Client Software
Cisco CX Cloud Agent Software CSCwa47272 1.12.2 (17 Dec 2021)
Network Application, Service, and Acceleration
11.6(2) (23 Dec 2021)
Cisco Call Studio CSCwa54008 12.0(1) (23 Dec 2021)
12.5(1) (23 Dec 2021)
12.6(1) (23 Dec 2021)
Cisco Nexus Insights CSCwa47284 6.0.2 (17 Dec 2021)
Network and Content Security Devices
6.2.3 hotfix (23 Dec
2021)
6.4.0 hotfix (Available)
Cisco Firepower Threat Defense (FTD) 6.6.5 hotfix (Available)
managed by Firepower Device Manager CSCwa46963 6.7.0 hotfix (23 Dec
(FDM) 2021)
7.0.1 hotfix (Available)
7.1.0 hotfix (23 Dec
2021)
2.4 hotfix (15 Dec 2021)
2.6 hotfix (15 Dec 2021)
Cisco Identity Services Engine (ISE) CSCwa47133 2.7 hotfix (15 Dec 2021)
3.0 hotfix (15 Dec 2021)
3.1 hotfix (17 Dec 2021)
Network Management and Provisioning
Cisco Application Policy Infrastructure
Controller (APIC) - Network Insights CSCwa47295
Base App
Cisco Automated Subsea Tuning CSCwa48806 2.1.0 (22 Dec 2021)
3.0.000.115 (patch) (17
Dec 2021)
Cisco Business Process Automation CSCwa47269 3.1.000.044 (patch) (17
Dec 2021)
3.2.000.009 (patch) (17
Dec 2021)
Cisco CloudCenter Cost Optimizer CSCwa48074 5.5.2 (23 Dec 2021)
Cisco CloudCenter Suite Admin CSCwa47349 5.3.1 (23 Dec 2021)
Cisco CloudCenter Workload Manager CSCwa47350 5.5.2 (23 Dec 2021)
Cisco CloudCenter CSCwa48832 4.10.0.16 (23 Dec 2021)
2.10.0.1 hotfix
Cisco Common Services Platform CSCwa47271 (Available)
Collector (CSPC) 2.9.1.3 hotfix
(Available)
2.0.2 patch (21 Dec
Cisco Crosswork Data Gateway CSCwa47257 2021)
3.0.1 patch (21 Dec
2021)
2.0.1 patch (22 Dec
Cisco Crosswork Network Controller CSCwa49936 2021)
3.0.1 patch (22 Dec
2021)
2.0.1 patch (21 Dec
Cisco Crosswork Optimization Engine CSCwa49939 2021)
3.0.1 patch (21 Dec
2021)
4.0.1 patch (22 Dec
Cisco Crosswork Platform Infrastructure CSCwa47367 2021)
4.1.1 patch (22 Dec
2021)
Cisco Crosswork Situation Manager CSCwa51878 8.0.0.8 patch (21 Dec
2021)
2.0.1 patch (21 Dec
Cisco Crosswork Zero Touch Provisioning CSCwa47259 2021)
(ZTP) 3.0.1 patch (21 Dec
2021)
Cisco Cyber Vision Sensor Management CSCwa49482 4.0.3 (22 Dec 2021)
Extension
Cisco DNA Spaces Connector CSCwa47320 v2.0.588 (Available)
v2.2.12 (Available)
12.0(2d) (23 Dec 2021)
11.5(3) patch (23 Dec
2021)
11.5(2) patch (23 Dec
Cisco Data Center Network Manager 2021)
(DCNM) CSCwa47291 11.5(1) patch (23 Dec
2021)
11.4(1) patch (23 Dec
2021)
11.3(1) patch (23 Dec
2021)
5.1.3.1 patch (22 Dec
2021)
Cisco Evolved Programmable Network CSCwa47310 5.0.2.1 patch (13 Jan
Manager 2022)
4.1.1.1 patch (13 Jan
2022)
Cisco Intersight Virtual Appliance CSCwa47304 1.0.9-361 (20 Dec 2021)
nso-5.3.5.1 (17 Dec
2021)
nso-5.4.5.2 (17 Dec
Cisco Network Services Orchestrator CSCwa47342 2021)
(NSO) nso-5.5.4.1 (17 Dec
2021)
nso-5.6.3.1 (17 Dec
2021)
Cisco Nexus Dashboard, formerly Cisco CSCwa47299 2.1.2 (23 Dec 2021)
Application Services Engine
Cisco Prime Service Catalog CSCwa47347 12.1 patch (20 Dec 2021)
Cisco Smart PHY CSCwa50021 3.2.1 patch (20 Dec
2021)
Cisco Virtual Topology System (VTS) CSCwa47334 2.6.7 (22 Dec 2021)
3.2.x patch (17 Dec
2021)
3.4.4 patch (17 Dec
2021)
Cisco Virtualized Infrastructure CSCwa49924 3.4.6 patch (17 Dec
Manager 2021)
4.2.0 patch (17 Dec
2021)
4.2.1 patch (17 Dec
2021)
7.5.0.1 (22 Dec 2021)
Cisco WAN Automation Engine (WAE) CSCwa47369 7.4.0.1 (21 Jan 2022)
7.3.0.2 (21 Jan 2022)
Routing and Switching - Enterprise and Service Provider
2.2.2.8 patch (23 Dec
2021)
Cisco DNA Center CSCwa47322 2.2.3.4 patch (29 Dec
2021)
2.1.2.8 patch (25 Jan
2022)
1.14.5 patch (16 Dec
Cisco IOx Fog Director CSCwa47370 2021)
1.16.4 patch (Available)
Cisco Network Assurance Engine CSCwa47285 6.0.2 (23 Dec 2021)
7.3.2 SMU/GISO (14 Jan
Cisco Network Convergence System 1004 CSCwa52235 2022)
7.3.1 SMU (21 Jan 2022)
Cisco Optical Network Controller CSCwa48793 1.1.0 (22 Dec 2021)
20.3.4.1 (Available as
of 17 Dec 2021)
20.6.2.1 (Available as
Cisco SD-WAN vManage CSCwa47745 of 17 Dec 2021)
20.5.1.1 (Available as
of 17 Dec 2021)
20.4.2.1 (Available as
of 17 Dec 2021)
Unified Computing
Cisco Integrated Management Controller CSCwa47307 2.3.2.1 (23 Dec 2021)
(IMC) Supervisor
Cisco UCS Central Software CSCwa47303 2.0(1p) (22 Dec 2021)
Cisco UCS Director CSCwa47288 6.8.2.0 (23 Dec 2021)
Cisco Workload Optimization Manager CSCwa50220 3.2.1 patch (Available)
Voice and Unified Communications Devices
2021.11_1.162 (13 Dec
Cisco BroadWorks CSCwa47315 2021)
ap381882 (15 Dec 2021)
Cisco Cloud Connect CSCwa51545 12.6(1): (Available)
12.5(1) ES6: (20 Dec
Cisco Contact Center Domain Manager CSCwa47383 2021)
(CCDM) 12.6(1) ES3: (20 Dec
2021)
12.5(1) ES6: (20 Dec
Cisco Contact Center Management Portal CSCwa47383 2021)
(CCMP) 12.6(1) ES3: (20 Dec
2021)
11.5(4)SU9 patch (16 Dec
Cisco Emergency Responder CSCwa47391 2021)
11.5(4)SU10 patch (16
Dec 2021)
12.0(1) patch
(Available)
Cisco Enterprise Chat and Email CSCwa47392 12.5 (1) patch
(Available)
12.6(1) patch
(Available)
Cisco Finesse CSCwa46459 12.6(1) (23 Dec 2021)
11.6(2) (Available)
Cisco Packaged Contact Center CSCwa47274 12.0(1) (Available)
Enterprise 12.5(1) (Available)
12.6(1) (23 Dec 2021)
Cisco Paging Server CSCwa47395 14.4.2 (20 Dec 2021)
11.5(1)SU7 patch (16 Dec
2021)
11.5(1)SU8 patch (16 Dec
2021)
Cisco Unified Communications Manager / 11.5(1)SU9 patch (16 Dec
Cisco Unified Communications Manager CSCwa47249 2021)
Session Management Edition 11.5(1)SU10 patch (16
Dec 2021)
11.5(1.18119-2) through
11.5(1.23162-1) patch
(16 Dec 2021)
11.5(1)SU7 patch (16 Dec
2021)
11.5(1)SU8 patch (16 Dec
2021)
11.5(1)SU9 patch (16 Dec
Cisco Unified Communications Manager IM CSCwa47393 2021)
&Presence Service 11.5(1)SU10 patch (16
Dec 2021)
11.5(1.18900-16) patch
(16 Dec 2021)
11.5(1.18901-3) patch
(16 Dec 2021)
11.6(1)ES23 (23 Dec
2021)
12.0(1)ES18 (23 Dec
Cisco Unified Contact Center Enterprise CSCwa46810 2021)
- Live Data server 12.5(1)ES13 (23 Dec
2021)
12.6(1)ES03 (23 Dec
2021)
11.6(2) (Available)
Cisco Unified Contact Center Enterprise CSCwa47273 12.0(1) (Available)
12.5(1) (Available)
12.6(1) (23 Dec 2021)
Cisco Unified Contact Center Express CSCwa47388 12.5(1)SU1 (23 Dec 2021)
11.6(2) (23 Dec 2021)
Cisco Unified Customer Voice Portal CSCwa47275 12.0(1) (Available)
12.5(1) (Available)
12.6(1) (23 Dec 2021)
Cisco Unified Intelligence Center CSCwa46525 12.6(1) (23 Dec 2021)
Cisco Unified SIP Proxy Software CSCwa47265 10.2.1v2 patch (23 Dec
2021)
11.5(1)SU7 patch (16 Dec
2021)
11.5(1)SU8 patch (16 Dec
2021)
11.5(1)SU9 patch (16 Dec
Cisco Unity Connection CSCwa47387 2021)
11.5(1)SU10 patch (16
Dec 2021)
11.5(1.18119-2) through
11.5(1.23162-1) patch
(16 Dec 2021)
Cisco Virtualized Voice Browser CSCwa47397 12.5(1) (Available)
12.6(1) (23 Dec 2021)
Cisco Webex Workforce Optimization CSCwa51476 11.5(1) (20 Dec 2021)
Video, Streaming, TelePresence, and Transcoding Devices
Cisco Video Surveillance Operations CSCwa47360 7.14.4 patch (16 Dec
Manager 2021)
Wireless
10.6.3-70 patch (16 Dec
2021)
Cisco Connected Mobile Experiences CSCwa47312 10.6.3-105 patch (16 Dec
(CMX) 2021)
10.6.2-89 patch (16 Dec
2021)
Products Confirmed Not Vulnerable
Cisco is investigating its product line to determine which products may be
affected by these vulnerabilities. This section will be updated as
information becomes available.
Any product not listed in the Products Under Investigation or Vulnerable
Products section of this advisory is to be considered not vulnerable.
Because this is an ongoing investigation, be aware that products that are
currently considered not vulnerable may subsequently be considered
vulnerable as additional information becomes available.
Cisco has confirmed that these vulnerabilities do not affect the following
Cisco products:
Cable Devices
Cisco GS7000 Nodes
Cisco RF Gateway Series
Cisco Remote PHY 120
Collaboration and Social Media
Cisco SocialMiner
Endpoint Clients and Client Software
Cisco AnyConnect Secure Mobility Client
Cisco Jabber Guest
Cisco Secure Endpoint, formerly Cisco Advanced Malware Protection for
Endpoints
Cisco Webex App
Meraki Products
Cisco Meraki Go Series
Cisco Meraki MR Series Cloud-Managed Wireless Access Points
Cisco Meraki MS Series Switches
Cisco Meraki MT Series Sensors
Cisco Meraki MV Series Cloud-Managed Smart Cameras
Cisco Meraki MX Series Cloud-Managed Security and SD-WAN
Cisco Meraki Systems Manager (SM)
Cisco Meraki Z-Series Cloud-Managed Teleworker Gateway
Network Application, Service, and Acceleration
Cisco Cloud Services Platform 2100
Cisco Cloud Services Platform 5000 Series
Cisco Nexus Dashboard Data Broker
Cisco Tetration Analytics
Cisco Wide Area Application Services (WAAS)
ConfD
Network and Content Security Devices
Cisco AMP Virtual Private Cloud Appliance
Cisco Adaptive Security Appliance (ASA) Software
Cisco Adaptive Security Device Manager
Cisco Adaptive Security Virtual Appliance (ASAv)
Cisco Advanced Web Security Reporting Application
Cisco Email Security Appliance (ESA)
Cisco FXOS Firepower Chassis Manager
Cisco Firepower Management Center
Cisco Firepower Next-Generation Intrusion Prevention System (NGIPS)
Cisco Firepower Threat Defense (FTD) managed by Cisco Firepower
Management Center
Cisco Secure Email and Web Manager, formerly Cisco Content Security
Management Appliance (SMA)
Cisco Secure Network Analytics, formerly Stealthwatch
Cisco Secure Services Proxy (CSSP)
Cisco Security Malware Analytics Appliance, formerly Cisco Threat Grid
Appliance
Cisco Security Manager
Cisco Web Security Appliance (WSA)
Network Management and Provisioning
Cisco ACI Multi-Site Orchestrator
Cisco CloudCenter Action Orchestrator
Cisco Connected Grid Device Manager
Cisco Container Platform
Cisco Crosswork Change Automation
Cisco Crosswork Health Insights
Cisco Crosswork Service Health
Cisco Elastic Services Controller (ESC)
Cisco Intelligent Node (iNode) Manager
Cisco Intersight Mobile App
Cisco IoT Field Network Director, formerly Cisco Connected Grid Network
Management System
Cisco Modeling Labs
Cisco NCS 2000 Shelf Virtualization Orchestrator
Cisco Optical Network Planner
Cisco Policy Suite
Cisco Prime Access Registrar
Cisco Prime Cable Provisioning
Cisco Prime Central for Service Providers
Cisco Prime Collaboration Assurance
Cisco Prime Collaboration Deployment
Cisco Prime Collaboration Provisioning
Cisco Prime IP Express
Cisco Prime Infrastructure
Cisco Prime License Manager
Cisco Prime Network Registrar
Cisco Prime Network
Cisco Prime Optical for Service Providers
Cisco Prime Performance Manager
Cisco Prime Provisioning
Cisco Process Orchestrator
Cisco Smart Software Manager On-Prem
Cisco Telemetry Broker
Routing and Switching - Enterprise and Service Provider
Cisco ACI Virtual Edge
Cisco ASR 5000 Series Routers
Cisco Application Policy Infrastructure Controller Enterprise Module
(APIC-EM)
Cisco Enterprise NFV Infrastructure Software (NFVIS)
Cisco GGSN Gateway GPRS Support Node
Cisco IOS XR Software
Cisco IOS and IOS XE Software
Cisco IP Services Gateway (IPSG)
Cisco MDS 9000 Series Multilayer Switches
Cisco MME Mobility Management Entity
Cisco Mobility Unified Reporting and Analytics System
Cisco Network Convergence System 2000 Series
Cisco Nexus 3000 Series Switches
Cisco Nexus 5500 Platform Switches
Cisco Nexus 5600 Platform Switches
Cisco Nexus 6000 Series Switches
Cisco Nexus 7000 Series Switches
Cisco Nexus 9000 Series Fabric Switches in Application Centric
Infrastructure (ACI) mode
Cisco Nexus 9000 Series Switches in standalone NX-OS mode
Cisco PDSN/HA Packet Data Serving Node and Home Agent
Cisco PGW Packet Data Network Gateway
Cisco SD-WAN vBond Controller Software
Cisco SD-WAN vEdge 100 Series Routers
Cisco SD-WAN vEdge 1000 Series Routers
Cisco SD-WAN vEdge 2000 Series Routers
Cisco SD-WAN vEdge 5000 Series Routers
Cisco SD-WAN vEdge Cloud Router Platform
Cisco SD-WAN vSmart Controller Software
Cisco System Architecture Evolution Gateway (SAEGW)
Cisco Ultra Cloud Core - Access and Mobility Management Function
Cisco Ultra Cloud Core - Policy Control Function
Cisco Ultra Cloud Core - Redundancy Configuration Manager
Cisco Ultra Cloud Core - Session Management Function
Cisco Ultra Cloud Core - Subscriber Microservices Infrastructure
Cisco Ultra Packet Core
Cisco Ultra Services Platform
Routing and Switching - Small Business
Cisco 220 Series Smart Plus Switches
Cisco 250 Series Smart Switches
Cisco 350 Series Managed Switches
Cisco 550 Series Stackable Managed Switches
Cisco Business 220 Series Smart Switches
Cisco Business 250 Series Smart Switches
Cisco Business 350 Series Managed Switches
Cisco Business Dashboard
Cisco RV110W Wireless-N VPN Firewall
Cisco RV130 VPN Router
Cisco RV130W Wireless-N Multifunction VPN Router
Cisco RV132W ADSL2+ Wireless-N VPN Router
Cisco RV134W VDSL2 Wireless-AC VPN Router
Cisco RV160 VPN Router
Cisco RV160W Wireless-AC VPN Router
Cisco RV215W Wireless-N VPN Router
Cisco RV260 VPN Routers
Cisco RV260P VPN Router with PoE
Cisco RV260W Wireless-AC VPN Router
Cisco RV320 Dual Gigabit WAN VPN Router
Cisco RV325 Dual Gigabit WAN VPN Router
Cisco RV340 Dual WAN Gigabit VPN Router
Cisco RV340W Dual WAN Gigabit Wireless-AC VPN Router
Cisco RV345 Dual WAN Gigabit VPN Router
Cisco RV345P Dual WAN Gigabit POE VPN Router
Cisco Small Business 200 Series Smart Switches
Cisco Small Business 300 Series Managed Switches
Cisco Small Business 500 Series Stackable Managed Switches
Cisco WAP125 Wireless-AC Dual Band Desktop Access Point with PoE
Cisco WAP150 Wireless-AC/N Dual Radio Access Point with PoE
Cisco WAP361 Wireless-AC/N Dual Radio Wall Plate Access Point with PoE
Cisco WAP371 Wireless-AC/N Radio Access Point with Single Point Setup
Cisco WAP571 Wireless-AC/N Premium Dual Radio Access Point with PoE
Cisco WAP571E Wireless-AC/N Premium Dual Radio Outdoor Access Point
Cisco WAP581 Wireless-AC Dual Radio Wave 2 Access Point with 2.5GbE LAN
Unified Computing
Cisco 5000 Series Enterprise Network Compute System (ENCS)
Cisco HyperFlex System
Cisco Hyperflex Storage Replication Adapter
Cisco UCS C-Series Rack Servers - Integrated Management Controller
Cisco UCS E-Series Servers
Cisco UCS Manager
Voice and Unified Communications Devices
Cisco Headset 500 and 700 Series
Cisco Hosted Collaboration Mediation Fulfillment
Cisco IP Phones with Multiplatform Firmware
Cisco IP Phones
Cisco TelePresence Endpoints
Cisco Unified Attendant Console Advanced
Cisco Unified Attendant Console Business Edition
Cisco Unified Attendant Console Department Edition
Cisco Unified Attendant Console Enterprise Edition
Cisco Unified Attendant Console Premium Edition
Cisco Unified Communications Domain Manager
Cisco Unity Express
Cisco Webex Devices
Cisco Webex Hybrid Data Security Node
Cisco Webex Video Mesh
Video, Streaming, TelePresence, and Transcoding Devices
Cisco Expressway Series
Cisco Meeting Management (CMM)
Cisco Meeting Server
Cisco TelePresence Management Suite
Cisco TelePresence Video Communication Server (VCS)
Cisco Video Surveillance Media Server
Cisco Vision Dynamic Signage Director
Wireless
Cisco AireOS Wireless LAN Controllers
Cisco Aironet Access Points
Cisco Business 100 and 200 Series Access Points
Cisco Business Wireless
Cisco Catalyst 9100 Series Access Points
Cisco Catalyst 9800 Series Wireless Controllers
Cisco IOS Access Points
Cisco Mobility Services Engine
Cisco Ultra-Reliable Wireless Backhaul
Cisco Cloud Offerings
Cisco is investigating its cloud offerings to determine which products may
be affected by these vulnerabilities. The following table lists Cisco cloud
offerings that are part of this investigation. This table will be updated
as information is available.
Product CVE-2021-44228 CVE-2021-45046
AppDynamics Remediated Remediated
AppDynamics with Cisco Secure Application Remediated Remediated
Cisco Cloud Email Security Not vulnerable Not vulnerable
Cisco Cloudlock Remediated Remediated
Cisco Cloudlock for Government Remediated Remediated
Cisco Cognitive Intelligence Not vulnerable Not vulnerable
Cisco Collaboration Experience Service (CES) Not vulnerable Not vulnerable
Cisco Collaboration Experience Service Remediated Under
Management (CESM) investigation
Cisco Crosswork Cloud Not vulnerable Not vulnerable
Cisco CX Cloud Remediated Remediated
Cisco Defense Orchestrator Not vulnerable Not vulnerable
Cisco DNA Spaces Remediated Remediated
Cisco Intersight Remediated Remediated
Cisco IoT Control Center Remediated Remediated
Cisco IoT Operations Dashboard Remediated Under
investigation
Cisco Kinetic for Cities Remediated Under
investigation
Cisco Kinetic Gateway Management Module Remediated Remediated
Cisco Managed Services Accelerator (MSX) Remediated Under
investigation
Cisco Placetel Not vulnerable Not vulnerable
Cisco PX Cloud Remediated Remediated
Cisco SD-WAN Cloud Remediated Remediated
Cisco SD-WAN vAnalytics Not vulnerable Not vulnerable
Cisco Secure Application (integrated with Not vulnerable Not vulnerable
AppDynamics)
Cisco Secure Cloud Analytics, formerly Cisco Not vulnerable Not vulnerable
Stealthwatch Cloud
Cisco Secure Cloud Insights Not vulnerable Not vulnerable
Cisco Secure Email Cloud Mailbox, formerly Not vulnerable Not vulnerable
Cisco Cloud Mailbox Defense
Cisco Secure Email Encryption Add-in Not vulnerable Not vulnerable
Cisco Secure Email Encryption Service, Not vulnerable Not vulnerable
formerly Cisco Registered Envelope Service
Cisco Secure Endpoint, formerly Cisco Not vulnerable Not vulnerable
Advanced Malware Protection for Endpoints
Cisco Secure Malware Analytics, formerly Not vulnerable Not vulnerable
Cisco Threat Grid
Cisco SecureX Not vulnerable Not vulnerable
Cisco ServiceGrid Not vulnerable Not vulnerable
Cisco Smart Net Total Care Remediated Remediated
Cisco Umbrella DNS Remediated Remediated
Cisco Umbrella SIG Remediated Under
investigation
Cisco Unified Communications Management Cloud Remediated Under
- UC Management investigation
Cisco Unified Communications Manager Cloud Remediated Under
Commercial investigation
Cisco Unified Communications Manager Cloud Remediated Under
for Government investigation
Cisco Webex Calling Remediated Under
investigation
Cisco Webex Calling Carrier Remediated Under
investigation
Cisco Webex Cloud Registered Endpoints Not vulnerable Not vulnerable
Cisco Webex Cloud-Connected UC Remediated Remediated
Cisco Webex Contact Center Remediated Under
investigation
Cisco Webex Contact Center Enterprise Remediated Under
investigation
Cisco Webex Control Hub Remediated Under
investigation
Cisco Webex Experience Management Not vulnerable Not vulnerable
Cisco Webex FedRAMP Remediated Under
investigation
Cisco Webex for Government FedRAMP Remediated Under
investigation
Cisco Webex Meetings Remediated Under
investigation
Cisco Webex Meetings Slow Channel Remediated Under
investigation
Cisco Webex Messaging Remediated Under
investigation
Cisco Webex Site Admin webpage Remediated Under
investigation
Duo Security Remediated Remediated
Duo Security for Government Remediated Remediated
eSIM Flex Remediated Remediated
IMIassist Not vulnerable Not vulnerable
IMIcampaign Not vulnerable Not vulnerable
IMIconnect Remediated Remediated
IMIengage Not vulnerable Not vulnerable
IMImessenger/TextLocal Messenger Not vulnerable Not vulnerable
IMImobile - Webex Contact Center Integration Remediated Remediated
IMInotify Not vulnerable Not vulnerable
IMIsocial Not vulnerable Not vulnerable
Kenna.AppSec Remediated Remediated
Kenna.VI/VI+ Remediated Remediated
Kenna.VM Remediated Remediated
Meraki Not vulnerable Not vulnerable
Partner Supporting Service(PSS) Remediated Remediated
Slido Not vulnerable Not vulnerable
Smart Call Home(SCH) Remediated Remediated
Socio Not vulnerable Not vulnerable
ThousandEyes Remediated Remediated
UC-One - UMS Not vulnerable Not vulnerable
Workarounds
o Any workarounds are documented in the product-specific Cisco bugs, which
are identified in the Vulnerable Products section of this advisory.
Fixed Software
o For information about fixed software releases, consult the Cisco bugs
identified in the Vulnerable Products section of this advisory.
When considering software upgrades, customers are advised to regularly
consult the advisories for Cisco products, which are available from the
Cisco Security Advisories page, to determine exposure and a complete
upgrade solution.
In all cases, customers should ensure that the devices to be upgraded
contain sufficient memory and confirm that current hardware and software
configurations will continue to be supported properly by the new release.
If the information is not clear, customers are advised to contact the Cisco
Technical Assistance Center (TAC) or their contracted maintenance
providers.
Exploitation and Public Announcements
o The Cisco Product Security Incident Response Team (PSIRT) is aware that
proof-of-concept exploit code is available for the vulnerabilities
described in this advisory.
Source
o CVE-2021-44228: This vulnerability was publicly disclosed by the Apache
Log4j Security Vulnerabilities announcement on December 9, 2021.
CVE-2021-45046: This vulnerability was publicly disclosed by the Apache
Log4j Security Vulnerabilities announcement on December 14, 2021.
Cisco Security Vulnerability Policy
o To learn about Cisco security vulnerability disclosure policies and
publications, see the Security Vulnerability Policy . This document also
contains instructions for obtaining fixed software and receiving security
vulnerability information from Cisco.
Action Links for This Advisory
o Snort Rule 58722
Snort Rule 58723
Snort Rule 58724
Snort Rule 58725
Snort Rule 58726
Snort Rule 58727
Snort Rule 58728
Snort Rule 58729
Snort Rule 58730
Snort Rule 58731
Snort Rule 58732
Snort Rule 58733
Snort Rule 300055
Snort Rule 300056
Snort Rule 300057
Snort Rule 58734
Snort Rule 58735
Snort Rule 58736
Snort Rule 58737
Snort Rule 58738
Snort Rule 58739
Snort Rule 58740
Snort Rule 58741
Snort Rule 58742
Snort Rule 58743
Snort Rule 58744
Snort Rule 300058
Snort Rule 58751
Snort Rule 58784
Snort Rule 58785
Snort Rule 58786
Snort Rule 58787
Snort Rule 58788
Snort Rule 58789
Snort Rule 58790
Snort Rule 58795
Snort Rule 58801
Snort Rule 58802
Snort Rule 58803
Snort Rule 58804
Snort Rule 58805
Snort Rule 58806
Snort Rule 58807
Snort Rule 58808
Snort Rule 58809
Snort Rule 58810
Snort Rule 58811
Snort Rule 58812
Snort Rule 58813
Snort Rule 58814
Show All 50...
URL
o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd
Revision History
o +---------+----------------------------+----------+---------+-------------+
| Version | Description | Section | Status | Date |
+---------+----------------------------+----------+---------+-------------+
| | Updated vulnerable | Affected | | |
| 1.24 | products and products | Products | Interim | 2021-DEC-20 |
| | confirmed not vulnerable. | | | |
+---------+----------------------------+----------+---------+-------------+
| | Updated summary and | Summary | | |
| 1.23 | products under | and | Interim | 2021-DEC-19 |
| | investigation. | Affected | | |
| | | Products | | |
+---------+----------------------------+----------+---------+-------------+
| | Updated the products under | | | |
| 1.22 | investigation, vulnerable | Affected | Interim | 2021-DEC-17 |
| | products, and products | Products | | |
| | confirmed not vulnerable. | | | |
+---------+----------------------------+----------+---------+-------------+
| | Updated the summary, | Summary | | |
| | products under | and | | |
| 1.21 | investigation, vulnerable | Affected | Interim | 2021-DEC-17 |
| | products, and products | Products | | |
| | confirmed not vulnerable. | | | |
+---------+----------------------------+----------+---------+-------------+
| | Updated the products under | | | |
| 1.20 | investigation, vulnerable | Affected | Interim | 2021-DEC-17 |
| | products, and products | Products | | |
| | confirmed not vulnerable. | | | |
+---------+----------------------------+----------+---------+-------------+
| | Updated the products under | | | |
| 1.19 | investigation, vulnerable | Affected | Interim | 2021-DEC-16 |
| | products, and products | Products | | |
| | confirmed not vulnerable. | | | |
+---------+----------------------------+----------+---------+-------------+
| | Updated the products under | | | |
| 1.18 | investigation, vulnerable | Affected | Interim | 2021-DEC-16 |
| | products, and products | Products | | |
| | confirmed not vulnerable. | | | |
+---------+----------------------------+----------+---------+-------------+
| | Updated the products under | | | |
| 1.17 | investigation, vulnerable | Affected | Interim | 2021-DEC-15 |
| | products, and products | Products | | |
| | confirmed not vulnerable. | | | |
+---------+----------------------------+----------+---------+-------------+
| | Updated the summary, | Summary | | |
| | products under | and | | |
| 1.16 | investigation, vulnerable | Affected | Interim | 2021-DEC-15 |
| | products, and products | Products | | |
| | confirmed not vulnerable. | | | |
+---------+----------------------------+----------+---------+-------------+
| | Updated the products under | | | |
| 1.15 | investigation, vulnerable | Affected | Interim | 2021-DEC-15 |
| | products, and products | Products | | |
| | confirmed not vulnerable. | | | |
+---------+----------------------------+----------+---------+-------------+
| | Updated the products under | | | |
| 1.14 | investigation, vulnerable | Affected | Interim | 2021-DEC-14 |
| | products, and products | Products | | |
| | confirmed not vulnerable. | | | |
+---------+----------------------------+----------+---------+-------------+
| | Updated the products under | | | |
| 1.13 | investigation, vulnerable | Affected | Interim | 2021-DEC-14 |
| | products, and products | Products | | |
| | confirmed not vulnerable. | | | |
+---------+----------------------------+----------+---------+-------------+
| | Updated the products under | | | |
| 1.12 | investigation, vulnerable | Affected | Interim | 2021-DEC-14 |
| | products, and products | Products | | |
| | confirmed not vulnerable. | | | |
+---------+----------------------------+----------+---------+-------------+
| | Updated the products under | | | |
| 1.11 | investigation, vulnerable | Affected | Interim | 2021-DEC-13 |
| | products, and products | Products | | |
| | confirmed not vulnerable. | | | |
+---------+----------------------------+----------+---------+-------------+
| | Updated the products under | Summary | | |
| 1.10 | investigation, vulnerable | and | Interim | 2021-DEC-13 |
| | products, and products | Affected | | |
| | confirmed not vulnerable. | Products | | |
+---------+----------------------------+----------+---------+-------------+
| | Updated the products under | | | |
| 1.9 | investigation, vulnerable | Affected | Interim | 2021-DEC-13 |
| | products, and products | Products | | |
| | confirmed not vulnerable. | | | |
+---------+----------------------------+----------+---------+-------------+
| | Updated the products under | | | |
| 1.8 | investigation, vulnerable | Affected | Interim | 2021-DEC-12 |
| | products, and products | Products | | |
| | confirmed not vulnerable. | | | |
+---------+----------------------------+----------+---------+-------------+
| | Updated the products under | | | |
| 1.7 | investigation, vulnerable | Affected | Interim | 2021-DEC-12 |
| | products, and products | Products | | |
| | confirmed not vulnerable. | | | |
+---------+----------------------------+----------+---------+-------------+
| | Updated the products under | | | |
| 1.6 | investigation, vulnerable | Affected | Interim | 2021-DEC-12 |
| | products, and products | Products | | |
| | confirmed not vulnerable. | | | |
+---------+----------------------------+----------+---------+-------------+
| | Updated the products under | | | |
| 1.5 | investigation, vulnerable | Affected | Interim | 2021-DEC-12 |
| | products, and products | Products | | |
| | confirmed not vulnerable. | | | |
+---------+----------------------------+----------+---------+-------------+
| | Updated the products under | | | |
| 1.4 | investigation, vulnerable | Affected | Interim | 2021-DEC-11 |
| | products, and products | Products | | |
| | confirmed not vulnerable. | | | |
+---------+----------------------------+----------+---------+-------------+
| | Indicated advisory update | | | |
| | schedule. Updated the | Summary, | | |
| 1.3 | vulnerable products and | Affected | Interim | 2021-DEC-11 |
| | products confirmed not | Products | | |
| | vulnerable. | | | |
+---------+----------------------------+----------+---------+-------------+
| 1.2 | Added Products Under | Affected | Interim | 2021-DEC-11 |
| | Investigation. | Products | | |
+---------+----------------------------+----------+---------+-------------+
| 1.1 | Added Snort rule link. | Summary | Interim | 2021-DEC-10 |
+---------+----------------------------+----------+---------+-------------+
| 1.0 | Initial public release. | - | Interim | 2021-DEC-10 |
+---------+----------------------------+----------+---------+-------------+
- --------------------------END INCLUDED TEXT--------------------
ZMCIRT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. ZMCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.
===========================================================================
Internet Email: report@cirt.zm
Telephone: 7070
ZMCIRT personnel answer during Zambian business hours
which are 8am to 5pm.
On call after hours for member emergencies only.
===========================================================================
Copyright @2023 ZAMBIA CIRT