Enghouse Vidyo is aware that a security vulnerability, CVE-2021-44228, has been identified against Apache Log4j, and this vulnerability could allow unauthenticated remote code execution on servers. Apache Log4j is an open source Java logging library widely used in many enterprise applications and numerous cloud services. For more information about the Apache Log4j vulnerabilities, see this article and the official CVE-2021-44228 article.
Vidyo takes security very seriously and treats this issue with the utmost priority. While there has been no successful exploitation of this attack on Vidyo servers, Vidyo is releasing a patch that mitigates this risk.
- VidyoPortal version 21.4.x or earlier.
- Enghouse Vidyo has released a security patch to the VidyoPortal to mitigate this risk on the VidyoPortal.
What actions can I take?
- If you are an on-premises customer, Enghouse Vidyo strongly advises you to immediately update your VidyoPortal software as listed in the following table. Downloads are available from the Portal and Router Packages page.
If you have this VidyoPortal version... You must immediately apply this patch 19.2.0 or later Update_VP1920_or_above_Patch-CVE-2021-44228-signed.vidyo 17.2.0 - 19.1.0 Update_VP1910_or_below_Patch-CVE-2021-44228-signed.vidyo
- If you are a cloud customer, you don’t need to take any action. We are in the process of applying the update for you. Please refer to the notifications you receive from the VidyoCloud Statuspage for the most current information.
If you need help, contact your Vidyo Reseller or contact the Vidyo Support Team via email or phone at the locations listed in the Contact Us article.