Skip to main content

Ivanti Updates Log4Shell Advisory with Security Updates for Multiple Products

Ivanti has updated their Log4Shell advice and released multiple security updates.

Report a cyber attack: call 0300 303 5222 or email carecert@nhsdigital.nhs.uk

Summary

Ivanti has updated their Log4Shell advice and released multiple security updates.


Threat details

NHS Digital response to Log4Shell

This alert is part of NHS Digital's wider response to the Log4Shell remote code execution vulnerability. For more information on Log4Shell itself, please visit our cyber alerts article Log4Shell RCE Vulnerability CC-3989.
 

NHS and social care organisations are invited to use the Cyber Associates Network to find out additional information and participate in discussion about the Log4Shell remote code execution vulnerability and affected products.


Introduction

Ivanti has released security updates to address the Log4Shell vulnerability in their MobileIron, File Director, and Avalanche products.  A remote unauthenticated attacker could exploit the Log4Shell vulnerabilities to take control of affected systems.

In December 2021, NHS Digital issued a high severity alert for the affected MobileIron products as they sit in the DMZ and are vulnerable to a RCE attack due to the Log4Shell vulnerability.


Remediation advice

Affected organisations should review the CVE-2021-44228 - Java logging library (log4j) - Ivanti Products Impact Mapping advisory and apply the necessary updates and workarounds.



Last edited: 17 January 2022 4:43 pm