Log4Shell critical vulnerability's impact on Genetec products
On December 9th, 2021, researchers published proof-of-concept (PoC) exploit code for a critical vulnerability in Apache Log4j. Named Log4Shell, this vulnerability might affect a Security Center plugin.
Risk assessment
This vulnerability, identified as CVE-2021-44228, allows an unauthenticated attacker to execute code remotely. It has a CVSSv3.1 score of 10.0 (critical).
Details
The Log4Shell vulnerability affects the Apache Log4j 2 library (all versions before 2.14.1), a widely used open-source Java logging library developed by the Apache Foundation.
The Security Center ATM Diebold Integration plugin uses Elasticsearch 5, which itself uses the Log4j library. The impact of that usage is under investigation. No other products are impacted.
Recommendation
As a precautionary measure, Genetec recommends updating the Elasticsearch version of the ATM Diebold plugin to 6.8.21. Please contact Genetec support for additional help.
| Genetec Product | Version | Affected? | Details |
| --- | --- | --- | --- |
| Security Center 5.X | All | No | |
| Security Center SaaS Edition | All | No | |
| Synergis Cloud Link | All | No | |
| Genetec Stratocast™ | All | No | |
| Genetec ClearID™ | All | No | |
| Genetec Clearance™ | All | No | |
| Curb Sense™ | All | No | |
| AutoVu™ Sharp | All | No | |
| AutoVu™ Patroller | All | No | |
| Genetec Streamvault™ | All | No | |
| ATM Diebold Integration plugin | All | Under investigation | Uses Elasticsearch 5.6.4. Impact under investigation. |
| All other plugins | All | No | |
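To confirm on a host whether the recommended Elasticsearch update has been applied and which log4j-core JARs ship alongside it, the following added example (not Genetec's or Elastic's own tooling) inventories JAR files under a directory. It assumes the JARs keep their standard `name-version.jar` file names; the plugin's install path is not given in this advisory and must be supplied by the operator.

```python
"""Inventory Elasticsearch and log4j-core JARs under a directory (added example)."""
import re
import sys
from pathlib import Path

# Elasticsearch version the advisory recommends for the ATM Diebold plugin.
RECOMMENDED_ES = (6, 8, 21)

# Matches elasticsearch-5.6.4.jar and log4j-core-2.x.y.jar, but not
# log4j-api-*.jar or elasticsearch-core-*.jar (assumes standard file names).
JAR_RE = re.compile(r"^(elasticsearch|log4j-core)-(\d+(?:\.\d+)*)\.jar$", re.I)


def parse_version(text):
    """Turn '6.8.21' into (6, 8, 21) so versions compare numerically."""
    return tuple(int(part) for part in text.split("."))


def inventory(root):
    """Return sorted (component, version, path) for matching JARs under root."""
    found = []
    for path in Path(root).rglob("*.jar"):
        m = JAR_RE.match(path.name)
        if m:
            found.append((m.group(1).lower(), parse_version(m.group(2)), str(path)))
    return sorted(found)


def assess(root):
    """Report Elasticsearch JARs below the recommended version and any log4j-core JARs."""
    items = inventory(root)
    es = [i for i in items if i[0] == "elasticsearch"]
    return {
        "es_found": bool(es),
        "es_below_recommended": [i for i in es if i[1] < RECOMMENDED_ES],
        "log4j_core": [i for i in items if i[0] == "log4j-core"],
    }


if __name__ == "__main__":
    # Install path is site-specific: pass it as the first argument.
    result = assess(sys.argv[1] if len(sys.argv) > 1 else ".")
    for _, ver, path in result["log4j_core"]:
        print(f"log4j-core {'.'.join(map(str, ver))}: {path}")
    for _, ver, path in result["es_below_recommended"]:
        print(f"UPDATE NEEDED elasticsearch {'.'.join(map(str, ver))}: {path}")
    if not result["es_found"]:
        print("no elasticsearch JAR found under this path")
```

A file-name inventory does not see JARs that were renamed or repackaged inside another archive, so an empty result is not proof that the library is absent.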
Genetec discloses the third-party components used in some of its products in the Third-party Computer Software List available on the website.
For more information or assistance, please log in to the Genetec Technical Assistance Portal (GTAP) to open a support case.