Mist Security Advisory – Log4j2 Vulnerability

CVE: CVE-2021-44228
 

Summary 

Mist products are not impacted by the log4j2 vulnerability – CVE-2021-44228 – a vulnerability announced in certain versions of the Apache Log4j2 library. Exploitation of these vulnerabilities would allow a malicious actor to execute arbitrary code when message lookup substitution is enabled. 

Affected Products

There is no action required by customers.  The Mist Cloud Services and on premises products are not vulnerable to log4j2.   

Unaffected Products: 

  • Mist APs 
  • Mist Edge 
  • Junos Devices including EX and SRX 
  • Mist Cloud Services such as Wireless, Wired, and WAN assurance, and Marvis 

 For more information, please see:  

Who to contact for additional information? 

Please contact Mist Support at support@mist.com with any questions or concerns.