Log4Shell critical vulnerability's impact on Genetec products
On December 9th, 2021, researchers published proof-of-concept (PoC) exploit code for a critical vulnerability in Apache Log4j. Named Log4Shell, this vulnerability might affect a Security Center plugin.
Risk assessment
This vulnerability, identified as CVE-2021-44228, allows an unauthenticated attacker to execute code remotely. It has a CVSSv3.1 score of 10.0 (critical).
Details
The Log4Shell vulnerability affects the Apache Log4j 2 library (all versions before 2.14.1), a widely used open source Java logging library developed by the Apache Foundation.
The Security Center ATM Diebold Integration plugin uses Elastic Search 5, which itself uses the Log4j library. The impact of that usage is under investigation. No other products are impacted.
Recommendation
As a precautionary measure, Genetec recommends updating the Elastic Search version of the ATM Diebold plugin to 6.8.21. Please contact Genetec support for additional help.
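One way to inventory which Log4j build an Elastic Search installation actually bundles, before and after the update, is to read the version recorded inside each archive and note whether the `JndiLookup` class is packaged. This is an added example, not Genetec's or Elastic's code; the function names and the sample jars built in `demo()` are constructed for illustration, and the reported version is meant to be compared against the range given in this advisory.

```python
import re
import tempfile
import zipfile
from pathlib import Path

JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
ARCHIVE_EXTS = (".jar", ".war", ".ear", ".zip")


def inspect_archive(path):
    """Return a finding dict if the archive carries log4j-core, else None."""
    try:
        with zipfile.ZipFile(path) as zf:
            names = set(zf.namelist())
            props = zf.read(POM_PROPS).decode("utf-8", "replace") if POM_PROPS in names else ""
    except (zipfile.BadZipFile, OSError):
        return None  # unreadable or not a real archive: skip it
    # Prefer the version recorded inside the jar; fall back to the file name.
    m = (re.search(r"^version=(\S+)", props, re.MULTILINE)
         or re.match(r"log4j-core-(\d[\w.\-]*)\.jar$", Path(path).name))
    if m is None and JNDI_CLASS not in names:
        return None  # no log4j-core marker at all
    return {"path": str(path), "version": m.group(1) if m else "unknown",
            "jndi": JNDI_CLASS in names}


def scan(root):
    """Walk root and report every archive that bundles log4j-core."""
    hits = (inspect_archive(p) for p in sorted(Path(root).rglob("*"))
            if p.is_file() and p.suffix.lower() in ARCHIVE_EXTS)
    return [h for h in hits if h]


def demo():
    """Constructed sample tree (not Genetec's layout): one log4j-core jar, one unrelated jar."""
    with tempfile.TemporaryDirectory() as root:
        with zipfile.ZipFile(Path(root, "log4j-core-2.0.0.jar"), "w") as zf:
            zf.writestr(POM_PROPS, "version=2.0.0\n")  # constructed version string
            zf.writestr(JNDI_CLASS, b"")
        with zipfile.ZipFile(Path(root, "other-1.0.jar"), "w") as zf:
            zf.writestr("com/example/Other.class", b"")
        return [(Path(f["path"]).name, f["version"], f["jndi"]) for f in scan(root)]


if __name__ == "__main__":
    print(demo())
```

Archives nested inside other archives are not unpacked by this scan, and a repackaged jar that carries the class without Maven metadata is reported with version `unknown`.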
Genetec Product | Version | Affected? | Details |
Security Center 5.X | All | No | |
Synergis Cloud Link | All | No | |
Genetec ClearID™ | All | No | |
Genetec Clearance™ | All | No | |
Curb Sense™ | All | No | |
AutoVu™ Sharp | All | No | |
AutoVu™ Patroller | All | No | |
Genetec Streamvault™ | All | No | |
ATM Diebold Integration plugin | All | Under investigation | Uses Elastic Search 5.6.4. Impact under investigation. |
All other plugins | All | No | |
Genetec discloses the third-party components used in some of its products in the Third-party Computer Software List available on the website.
For more information or assistance, please log in to the Genetec Technical Assistance Portal (GTAP) to open a support case.