Mailing List Archive

yet

-----Original Message-----
From: cisco-voip <cisco-voip-bounces@puck.nether.net> On Behalf Of Kent Roberts
Sent: Monday, December 13, 2021 11:04 AM
To: cisco-voip@puck.nether.net
Subject: [cisco-voip] Log 4j fun

CAUTION: This email originated from outside of the University of Guelph. Do not click links or open attachments unless you recognize the sender and know the content is safe. If in doubt, forward suspicious emails to IThelp@uoguelph.ca


For those having to deal with this, and for those that might not know about it……. Here is Cisco’s info on the fun. At least CUCM is not on the list…..



https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd
_______________________________________________
cisco-voip mailing list
cisco-voip@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-voip
_______________________________________________
cisco-voip mailing list
cisco-voip@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-voip

Some SUs of UCM 11.5 are on the list.

Here’s an aggregate list for multiple vendors:

https://gist.github.com/SwitHak/b66db3a06c2955a9cb71a8718970c592

> On Dec 13, 2021, at 10:24, Lelio Fulgenzi <lelio@uoguelph.ca> wrote:
>
> ?yet
>
> -----Original Message-----
> From: cisco-voip <cisco-voip-bounces@puck.nether.net> On Behalf Of Kent Roberts
> Sent: Monday, December 13, 2021 11:04 AM
> To: cisco-voip@puck.nether.net
> Subject: [cisco-voip] Log 4j fun
>
> CAUTION: This email originated from outside of the University of Guelph. Do not click links or open attachments unless you recognize the sender and know the content is safe. If in doubt, forward suspicious emails to IThelp@uoguelph.ca
>
>
> For those having to deal with this, and for those that might not know about it……. Here is Cisco’s info on the fun. At least CUCM is not on the list…..
>
>
>
> https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd
> _______________________________________________
> cisco-voip mailing list
> cisco-voip@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-voip
> _______________________________________________
> cisco-voip mailing list
> cisco-voip@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-voip

Well last update today…. And su’s adding… bet that list will be longer than Santa’s list when this is done….


> On Dec 13, 2021, at 9:40 AM, Gentoo <gentoo@ucpenguin.com> wrote:
>
> Some SUs of UCM 11.5 are on the list.
>
> Here’s an aggregate list for multiple vendors:
>
> https://gist.github.com/SwitHak/b66db3a06c2955a9cb71a8718970c592 <https://gist.github.com/SwitHak/b66db3a06c2955a9cb71a8718970c592>
>
>> On Dec 13, 2021, at 10:24, Lelio Fulgenzi <lelio@uoguelph.ca> wrote:
>>
>> ?yet
>>
>> -----Original Message-----
>> From: cisco-voip <cisco-voip-bounces@puck.nether.net> On Behalf Of Kent Roberts
>> Sent: Monday, December 13, 2021 11:04 AM
>> To: cisco-voip@puck.nether.net
>> Subject: [cisco-voip] Log 4j fun
>>
>> CAUTION: This email originated from outside of the University of Guelph. Do not click links or open attachments unless you recognize the sender and know the content is safe. If in doubt, forward suspicious emails to IThelp@uoguelph.ca
>>
>>
>> For those having to deal with this, and for those that might not know about it……. Here is Cisco’s info on the fun. At least CUCM is not on the list…..
>>
>>
>>
>> https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd
>> _______________________________________________
>> cisco-voip mailing list
>> cisco-voip@puck.nether.net
>> https://puck.nether.net/mailman/listinfo/cisco-voip
>> _______________________________________________
>> cisco-voip mailing list
>> cisco-voip@puck.nether.net
>> https://puck.nether.net/mailman/listinfo/cisco-voip

It wasn't earlier but it looks like they've unconfirmed its vulnerability status.

Rad.

-----Original Message-----
From: cisco-voip <cisco-voip-bounces@puck.nether.net> On Behalf Of Lelio Fulgenzi
Sent: Monday, December 13, 2021 11:14 AM
To: Kent Roberts <kent@fredf.org>; cisco-voip@puck.nether.net
Subject: Re: [cisco-voip] Log 4j fun

yet

-----Original Message-----
From: cisco-voip <cisco-voip-bounces@puck.nether.net> On Behalf Of Kent Roberts
Sent: Monday, December 13, 2021 11:04 AM
To: cisco-voip@puck.nether.net
Subject: [cisco-voip] Log 4j fun

CAUTION: This email originated from outside of the University of Guelph. Do not click links or open attachments unless you recognize the sender and know the content is safe. If in doubt, forward suspicious emails to IThelp@uoguelph.ca


For those having to deal with this, and for those that might not know about it....... Here is Cisco's info on the fun. At least CUCM is not on the list.....



https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftools.cisco.com%2Fsecurity%2Fcenter%2Fcontent%2FCiscoSecurityAdvisory%2Fcisco-sa-apache-log4j-qRuKNEbd&amp;data=04%7C01%7Cajp26%40buffalo.edu%7C2c780f17d4ee4152304808d9be54a163%7C96464a8af8ed40b199e25f6b50a20250%7C0%7C0%7C637750092964350710%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&amp;sdata=Ih9AjojjljwRnpiYPLWNwG5xSbi3lx0rCniGnKcpJcs%3D&amp;reserved=0
_______________________________________________
cisco-voip mailing list
cisco-voip@puck.nether.net
https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Fpuck.nether.net%2Fmailman%2Flistinfo%2Fcisco-voip&amp;data=04%7C01%7Cajp26%40buffalo.edu%7C2c780f17d4ee4152304808d9be54a163%7C96464a8af8ed40b199e25f6b50a20250%7C0%7C0%7C637750092964350710%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&amp;sdata=zGs1LM2cPgF%2BSvfWy%2BFNBm3WKH%2BOJmmS%2FkaskIALOD8%3D&amp;reserved=0
_______________________________________________
cisco-voip mailing list
cisco-voip@puck.nether.net
https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Fpuck.nether.net%2Fmailman%2Flistinfo%2Fcisco-voip&amp;data=04%7C01%7Cajp26%40buffalo.edu%7C2c780f17d4ee4152304808d9be54a163%7C96464a8af8ed40b199e25f6b50a20250%7C0%7C0%7C637750092964350710%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&amp;sdata=zGs1LM2cPgF%2BSvfWy%2BFNBm3WKH%2BOJmmS%2FkaskIALOD8%3D&amp;reserved=0
_______________________________________________
cisco-voip mailing list
cisco-voip@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-voip

It seems like stuff is appearing, disappearing then reappearing from the vulnerable products section.

Expressway was vulnerable. Now it’s not?

The revision history sucks.

Sent from my iPhone

> On Dec 13, 2021, at 11:56 AM, Adam Pawlowski <ajp26@buffalo.edu> wrote:
>
> ?CAUTION: This email originated from outside of the University of Guelph. Do not click links or open attachments unless you recognize the sender and know the content is safe. If in doubt, forward suspicious emails to IThelp@uoguelph.ca
>
>
> It wasn't earlier but it looks like they've unconfirmed its vulnerability status.
>
> Rad.
>
> -----Original Message-----
> From: cisco-voip <cisco-voip-bounces@puck.nether.net> On Behalf Of Lelio Fulgenzi
> Sent: Monday, December 13, 2021 11:14 AM
> To: Kent Roberts <kent@fredf.org>; cisco-voip@puck.nether.net
> Subject: Re: [cisco-voip] Log 4j fun
>
> yet
>
> -----Original Message-----
> From: cisco-voip <cisco-voip-bounces@puck.nether.net> On Behalf Of Kent Roberts
> Sent: Monday, December 13, 2021 11:04 AM
> To: cisco-voip@puck.nether.net
> Subject: [cisco-voip] Log 4j fun
>
> CAUTION: This email originated from outside of the University of Guelph. Do not click links or open attachments unless you recognize the sender and know the content is safe. If in doubt, forward suspicious emails to IThelp@uoguelph.ca
>
>
> For those having to deal with this, and for those that might not know about it....... Here is Cisco's info on the fun. At least CUCM is not on the list.....
>
>
>
> https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftools.cisco.com%2Fsecurity%2Fcenter%2Fcontent%2FCiscoSecurityAdvisory%2Fcisco-sa-apache-log4j-qRuKNEbd&amp;data=04%7C01%7Cajp26%40buffalo.edu%7C2c780f17d4ee4152304808d9be54a163%7C96464a8af8ed40b199e25f6b50a20250%7C0%7C0%7C637750092964350710%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&amp;sdata=Ih9AjojjljwRnpiYPLWNwG5xSbi3lx0rCniGnKcpJcs%3D&amp;reserved=0
> _______________________________________________
> cisco-voip mailing list
> cisco-voip@puck.nether.net
> https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Fpuck.nether.net%2Fmailman%2Flistinfo%2Fcisco-voip&amp;data=04%7C01%7Cajp26%40buffalo.edu%7C2c780f17d4ee4152304808d9be54a163%7C96464a8af8ed40b199e25f6b50a20250%7C0%7C0%7C637750092964350710%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&amp;sdata=zGs1LM2cPgF%2BSvfWy%2BFNBm3WKH%2BOJmmS%2FkaskIALOD8%3D&amp;reserved=0
> _______________________________________________
> cisco-voip mailing list
> cisco-voip@puck.nether.net
> https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Fpuck.nether.net%2Fmailman%2Flistinfo%2Fcisco-voip&amp;data=04%7C01%7Cajp26%40buffalo.edu%7C2c780f17d4ee4152304808d9be54a163%7C96464a8af8ed40b199e25f6b50a20250%7C0%7C0%7C637750092964350710%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&amp;sdata=zGs1LM2cPgF%2BSvfWy%2BFNBm3WKH%2BOJmmS%2FkaskIALOD8%3D&amp;reserved=0
> _______________________________________________
> cisco-voip mailing list
> cisco-voip@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-voip
>
_______________________________________________
cisco-voip mailing list
cisco-voip@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-voip