On December 9th, the Apache Software Foundation announced that Log4J, a popular open-source logging framework for Java, was discovered to contain a remote code execution (RCE) vulnerability identified as CVE-2021-44228, named Log4Shell. This is an industry-wide vulnerability that requires attention for your entire software environment, and not just for Samsung Knox cloud services.
Log4Shell allows an attacker to execute arbitrary code by remotely triggering log messages with command payloads on services and systems, bypassing network security controls. The Samsung Knox team treats this issue with critical importance. To summarize the assessment of CVE-2021-44228 and also CVE-2021-45046 on Samsung Knox cloud services:
Vulnerability found & fixed:
- Knox Reseller Portal - Fixed Dec 14, 2021
- Knox Manage - Fixed Dec 13, 2021
No vulnerability found:
- Knox Admin Portal
- Knox Mobile Enrollment
- Knox Configure
- Knox Asset Intelligence
- Knox E-FOTA One
- Knox Managed Services Provider (MSP)
- Knox Guard
- Knox License Management
As of December 14th, both CVE-2021-44228 and CVE-2021-45046 have been mitigated with the recommended fix provided by the Apache Software Foundation. This fix has been deployed on the Knox Reseller Portal and Knox Manage, the two affected Knox cloud services.
We will continue assessing and neutralizing any potential further risk to ensure the security of our Knox cloud services, your data, and your systems.
The Samsung Knox team
