Mist products are not impacted by the log4j2 vulnerability – CVE-2021-44228 – a vulnerability announced in certain versions of the Apache Log4j2 library. Exploitation of these vulnerabilities would allow a malicious actor to execute arbitrary code when message lookup substitution is enabled.
There is no action required by customers. The Mist Cloud Services and on premises products are not vulnerable to log4j2.
- Mist APs
- Mist Edge
- Junos Devices including EX and SRX
- Mist Cloud Services such as Wireless, Wired, and WAN assurance, and Marvis
For more information, please see:
- Apache Fixed in Log: https://logging.apache.org/log4j/2.x/security.html#:~:text=Fixed%20in%20Log4j%202.15.0
- CVE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228
- Juniper Security Advisory: https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259&cat=SIRT_1&actp=LIST
Who to contact for additional information?
Please contact Mist Support at email@example.com with any questions or concerns.