
Log4j Vulnerability and NewTek Products

On December 09, 2021, a vulnerability in Apache Log4j (a logging tool used in many Java-based applications) was disclosed to the public; it could allow remote unauthenticated attackers to execute code on vulnerable systems. The vulnerability is tracked as CVE-2021-44228 and is also known as “Log4Shell”. NIST also published a critical Common Vulnerabilities and Exposures alert: CVE-2021-44228.

At NewTek, a part of Vizrt Group, product security remains our top priority as we address the critical vulnerability in open-source Apache “Log4j” (CVE-2021-44228). Vizrt Product security, together with the Product Development engineering team, is currently investigating our environment for any “indicators of compromise” and our products for traces of the Log4j 2 vulnerability to determine which products are impacted. Utilizing a risk-based approach, only impacted products under investigation are listed within the context of the report.

 

Impacted Products and Remediation

Impacted Product:

Product: MediaDS(tm)

Component: Wowza Engine version greater than 4.7.8. The latest update from NewTek includes version 4.7.8. Users who have not manually updated the Wowza Engine are not impacted.

Remediation: If you have manually updated your Wowza Engine to a version that is impacted by the Log4j vulnerability, please visit this link from Wowza's website, as it details Wowza's current workaround for the issue: https://www.wowza.com/docs/known-issues-with-wowza-streaming-engine#log4j2-cve

Though the recent reveal of the Log4j vulnerability is a matter of concern for many people, owners of NewTek products can rest assured that there is nothing for them to worry about.

General security advisory

Good security, defense and hygiene measures can help during adverse situations, keeping your business-critical infrastructure safe from compromise. NewTek Product security strongly recommends that you (a) secure network infrastructure and endpoints from unauthorized access, (b) do not expose your assets to the internet without appropriate security controls, and (c) employ a defense-in-depth approach by configuring your control and production environment to be aligned with your organizational IT security operational policy.
