MediaCentral Cloud UX v2020.4 and later include versions of Kubernetes that resolve this issue. In accordance with Avid’s current security guidelines, Avid strongly recommends that all users who require remote access to MediaCentral Cloud UX connect through a VPN.

Details on the vulnerability are provided here:

Avid recommends that customer production environments remain non-public in a separate domain, or otherwise isolated from external public access. MediaCentral Cloud UX v2018.6 and higher uses Kubernetes and could potentially be affected.

For customers adhering to Avid security recommendations and best practices, Avid believes that the threat is low. Kubernetes ( ) has identified an issue where unauthorized users can gain access to a system running the Kubernetes software.

Please review the following document for more information, and follow Avid Best Practices for isolating your Avid systems from the internet.

Avid_Technology_Log4j_Assessment.pdf (updated February 9, 2022)

MediaCentral Cloud UX CVE-2021-4034 ReadMe

Avid is aware of the recently reported Apache Log4j RCE vulnerability.

You can find the details of this issue and the installation instructions on the readme here:

The severity of this issue is high and this is considered a mandatory patch.

To mitigate the impact, Avid recommends that you isolate this server from the internet.

For details on this process, see the following Avid Knowledge Base article:

For more information, see the “FlexNet Device Manager for Avid Administration Guide” at:

For more information on the SpringShell Zero Day vulnerability, see the following link:

Avid MediaCentral | Cloud UX security update/patch CVE-2021-4034 released on March 30th.

FlexNet Device Manager is the only Avid product that is affected by this vulnerability.

Since this activity is considered a workaround, it is highly recommended to update VMware ESXi by applying all patches available from the vendor.
More details can be found in the vendor's security announcement:

Also, alongside applying the patch, it is recommended to perform a security analysis of the VMware ESXi instance and search for signs of potential compromise.

Avid has closed the investigation of the CVE-2022-42889 (Text4shell) issue and no Avid products were found to have this vulnerability.

Avid has concluded its investigation of the SpringShell Zero Day vulnerability.

Which is intended to prevent CIM clients from locating CIM servers through the SLP service.

It is recommended to apply a workaround published by the VMware ESXi vendor at the link:

ESXi 7.x versions earlier than ESXi70U1c-17325551.

This vulnerability affects the Service Location Protocol (SLP) service and allows an attacker to remotely execute arbitrary code.

According to the list of versions affected by CVE-2021-21974, this includes not only VMware ESXi systems of versions 6.x and prior to 6.7, but also the following:

A patch for CVE-2021-21974 has been available since February 23, 2021.

If your site uses VMware, please ensure you are following the best practices and procedures so that, if you have Avid software running in a VMware environment, you will not have any vulnerabilities.

The description of the infiltration point suspected to be used by malicious actors is covered in CVE-2021-21974.

Avid has completed its investigation and found that no Avid software is affected.

The suspected aim of the campaign is to deploy ransomware onto VMware ESXi systems.

An authoritative source also made an announcement.

On FebruAvid became aware of the attack campaign which is targeting VMware ESXi hypervisors.

If you have any concerns, please contact our support team who will be able to assist:

We will keep you updated on any news as soon as we can.

Thank you for your patience while we investigated with Microsoft this weekend to clarify the validity of the warning and integrity of our installer.

Virus & threat protection and click "Check for updates".