Response to Log4j Vulnerability [CVE-2021-44228]
Most Edgecore products do not use Apache and Java libraries for system login. After investigation, no known scenarios of Apache Log4J vulnerabilities have been identified with any of Edgecore products including:
Edgecore’s legacy NMS product “NetworkEC View Pro” uses Apache 1.2.15, which is not one of listed vulnerable versions such as Apache Log4j2 2.0-beta 9 through 2.12.1 and 2.13.0 through 2.15.0. This legacy product is already declared End-Of-Life.
- Open networking cloud data center solutions (switches)
- Open networking service provider solutions (routers)
- Enterprise switches with EdgeCOS
- Websmart switches (ECS2020) and Industry switches (ECIS4510)
- Open operating system: Edgecore SONiC
Edgecore’s legacy NMS product “NetworkEC View Pro” uses Apache 1.2.15, which is not one of listed vulnerable versions such as Apache Log4j2 2.0-beta 9 through 2.12.1 and 2.13.0 through 2.15.0. This legacy product is already declared End-Of-Life.