log4j (CVE-2021-44228)

SOLVED
LRamos
Occasional Advisor

log4j (CVE-2021-44228)

Are any UC phones or other devices affected by this vulnerability?

Message 1 of 4
1 ACCEPTED SOLUTION

Accepted Solutions
SteffenBaierUK
Polycom Employee & Community Manager

Re: log4j (CVE-2021-44228)

Hello @kcavalancheman ,

 

Welcome back to the Poly Community.

 

My original reply already contained the link so thanks for posting the direct link again.

 

In addition, Poly is a US company so many postings happen at US time.

 

The fix may only be applicable to be done via Poly support so I suggest, instead of waiting I suggest you work with our support team in your region who can update you once a fix for public installation would become available.

 

Note: Please be aware that this section is for Poly Microsoft Phone-related issues only!

 

Please ensure to provide some feedback if this reply has helped you so other users can profit from your experience.

Best Regards

Steffen Baier

----------------

If official support is required please check how to phone or open a case here

----------------
The title Poly Employee & Community Manager is a community setting and does not reflect my role. I am just a simple volunteer in the community like everybody else. All posts and words are my own & do not represent the views of Employer.

----------------


⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓ SIGNATURE ⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓
Notice: This community forum is not an official Poly support resource, thus responses from Poly employees, partners, and customers alike are best-effort in attempts to share learned knowledge.
Please also ensure you always check the VoIP , Video Endpoint , Microsoft Voice , PSTN or other FAQ's in the different sections

View solution in original post

Message 4 of 4
3 REPLIES 3
SteffenBaierUK
Polycom Employee & Community Manager

Re: log4j (CVE-2021-44228)

Hello @LRamos ,

Welcome back to the Poly community.

Some or a couple of your old post(s) or reply(s) to them >here< are still open/pending as you have not marked these as "Accept as a solution" or at least provide some form of feedback or answer.

If they are in this state nobody finding them via a community search will know if an answer or advice provided was useful and has maybe helped you.

Could you therefore kindly go over them and mark or answer as appropriate?

If they are marked as "Accept as a solution" other users can find these easier and it helps them to utilize the community more efficiently.

 

Please do not simply mark them without any type of feedback. 

 

For your new question, I have just updated the FAQ:

 

May 26, 2015 Question: Where can I find details on Security Advisory relating to vulnerabilities on various Poly Products?

Resolution: Please check => here <=

 

The Poly security centre has a post and will be updated throughout our investigation.

Best Regards

Steffen Baier

----------------

If official support is required please check how to phone or open a case here

----------------
The title Poly Employee & Community Manager is a community setting and does not reflect my role. I am just a simple volunteer in the community like everybody else. All posts and words are my own & do not represent the views of Employer.

----------------


⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓ SIGNATURE ⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓
Notice: This community forum is not an official Poly support resource, thus responses from Poly employees, partners, and customers alike are best-effort in attempts to share learned knowledge.
Please also ensure you always check the VoIP , Video Endpoint , Microsoft Voice , PSTN or other FAQ's in the different sections
Message 2 of 4
kcavalancheman
Occasional Visitor

Re: log4j (CVE-2021-44228)

They are publishing updates to the issue here:

 

https://support.polycom.com/content/support/security-center.html

 

It's at the very top.  The patches / fixes for DMA were supposed to be out today; however, I don't see them available for download as of 12/23/2021 5:51am CST.

 

Dallas

Message 3 of 4
SteffenBaierUK
Polycom Employee & Community Manager

Re: log4j (CVE-2021-44228)

Hello @kcavalancheman ,

 

Welcome back to the Poly Community.

 

My original reply already contained the link so thanks for posting the direct link again.

 

In addition, Poly is a US company so many postings happen at US time.

 

The fix may only be applicable to be done via Poly support so I suggest, instead of waiting I suggest you work with our support team in your region who can update you once a fix for public installation would become available.

 

Note: Please be aware that this section is for Poly Microsoft Phone-related issues only!

 

Please ensure to provide some feedback if this reply has helped you so other users can profit from your experience.

Best Regards

Steffen Baier

----------------

If official support is required please check how to phone or open a case here

----------------
The title Poly Employee & Community Manager is a community setting and does not reflect my role. I am just a simple volunteer in the community like everybody else. All posts and words are my own & do not represent the views of Employer.

----------------


⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓ SIGNATURE ⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓
Notice: This community forum is not an official Poly support resource, thus responses from Poly employees, partners, and customers alike are best-effort in attempts to share learned knowledge.
Please also ensure you always check the VoIP , Video Endpoint , Microsoft Voice , PSTN or other FAQ's in the different sections
Message 4 of 4