Difference between revisions of "CVE-2021-44228"

From IVS Wiki
Jump to: navigation, search
 
(14 intermediate revisions by the same user not shown)
Line 1: Line 1:
 
=Vulnerability=
 
=Vulnerability=
 +
<div class="section">
 
https://nvd.nist.gov/vuln/detail/CVE-2021-44228
 
https://nvd.nist.gov/vuln/detail/CVE-2021-44228
  
This vulnerability only affects VALT servers running version '''5.5''' and higher. Older VALT servers are unaffected by the vulnerability.
+
'''Based on the information available regarding the vulnerability and how the affected packages are utilized in VALT, we do not believe at this time that the vulnerability can be exploited on any VALT servers. Additionally most customers are operating VALT isolated within their own network, so the risk is low that a malicious party could connect to a VALT server to attempt to exploit the vulnerability. However in effort to ensure your security, we have provided the information below on how to address this vulnerability.'''
 +
</div>
 +
 
 +
=Affected Versions=
 +
<div class="section">
 +
This vulnerability is only present VALT servers running version '''5.5 - 5.5.8'''. Older VALT servers are unaffected by the vulnerability.
 +
 
 +
You can [[VALT_Administrator_Guide_5.5#General | check your VALT version]] on the General page under the Admin section.
 +
 
 +
 
 +
You can read the VALT release notes [[Release_Notes | here]]
 +
</div>
  
 
=Remediation=
 
=Remediation=
Intelligent Video Solutions recommends that you updated your VALT server to the latest release. The latest release includes a fix to this vulnerability. You can book an update with an IVS support engineer at http://ivs.com/book.
+
<div class="section">
 +
Intelligent Video Solutions recommends that you updated your VALT server to the latest release. The latest release includes a fix to this vulnerability. You can book an update with an IVS support engineer at http://ipivs.com/book.
  
If you are unable to update your system, you can follow the steps below to address this specific vulnerability.
+
If you are unable to update your system, you can follow the steps below to address this specific vulnerability. This remediation has been updated to address both '''CVE-2021-44228''' and '''[[CVE-2021-45046]]'''.
  
 
'''WARNING: The steps below outline using an automated script to update the VALT appliance. It is designed to be used on standard Valt appliances.'''
 
'''WARNING: The steps below outline using an automated script to update the VALT appliance. It is designed to be used on standard Valt appliances.'''
Line 15: Line 28:
 
# Log into the Valt appliance via SSH or the terminal
 
# Log into the Valt appliance via SSH or the terminal
 
# Type in the following, followed by pressing Enter: <code>wget https://ivs.box.com/shared/static/w78x8elhkxgxmqgge1w4az1npc7sw6za.gz -O log4j.tar.gz</code>
 
# Type in the following, followed by pressing Enter: <code>wget https://ivs.box.com/shared/static/w78x8elhkxgxmqgge1w4az1npc7sw6za.gz -O log4j.tar.gz</code>
#: [[File:log4j1.png]]
+
#: {{img | file = log4j1.png}}
 
# Type in the following, followed by pressing Enter: <code>tar -xvf log4j.tar.gz</code>
 
# Type in the following, followed by pressing Enter: <code>tar -xvf log4j.tar.gz</code>
#: [[File:log4j2.png]]
+
#: {{img | file = log4j2.png}}
 
# Type in the following, followed by pressing Enter: <code>cd log4j</code>
 
# Type in the following, followed by pressing Enter: <code>cd log4j</code>
 
# Type in the following, followed by pressing Enter: <code>sudo ./log4j.sh</code>  
 
# Type in the following, followed by pressing Enter: <code>sudo ./log4j.sh</code>  
 
# Enter the password if prompted.
 
# Enter the password if prompted.
#: [[File:log4j3.png]]
+
#: {{img | file = log4j3.png}}
 
# The vulnerability has now been patched.
 
# The vulnerability has now been patched.
 +
</div>

Latest revision as of 07:51, 29 September 2022

Vulnerability

https://nvd.nist.gov/vuln/detail/CVE-2021-44228

Based on the information available regarding the vulnerability and how the affected packages are utilized in VALT, we do not believe at this time that the vulnerability can be exploited on any VALT servers. Additionally most customers are operating VALT isolated within their own network, so the risk is low that a malicious party could connect to a VALT server to attempt to exploit the vulnerability. However in effort to ensure your security, we have provided the information below on how to address this vulnerability.

Affected Versions

This vulnerability is only present VALT servers running version 5.5 - 5.5.8. Older VALT servers are unaffected by the vulnerability.

You can check your VALT version on the General page under the Admin section.


You can read the VALT release notes here

Remediation

Intelligent Video Solutions recommends that you updated your VALT server to the latest release. The latest release includes a fix to this vulnerability. You can book an update with an IVS support engineer at http://ipivs.com/book.

If you are unable to update your system, you can follow the steps below to address this specific vulnerability. This remediation has been updated to address both CVE-2021-44228 and CVE-2021-45046.

WARNING: The steps below outline using an automated script to update the VALT appliance. It is designed to be used on standard Valt appliances.

WARNING: This applies to VALT 5.5 - 5.5.8. DO NOT PERFORM THESE STEPS ON ANY OTHER VERSION!!

  1. Log into the Valt appliance via SSH or the terminal
  2. Type in the following, followed by pressing Enter: wget https://ivs.box.com/shared/static/w78x8elhkxgxmqgge1w4az1npc7sw6za.gz -O log4j.tar.gz
    Log4j1.png
  3. Type in the following, followed by pressing Enter: tar -xvf log4j.tar.gz
    Log4j2.png
  4. Type in the following, followed by pressing Enter: cd log4j
  5. Type in the following, followed by pressing Enter: sudo ./log4j.sh
  6. Enter the password if prompted.
    Log4j3.png
  7. The vulnerability has now been patched.