Security News

December 2021

In December 2021, a remote code execution vulnerability (CVE-2021-44228) was identified in Apache Log4j. Due to this vulnerability, an attacker with access to control log messages or log message parameters can execute arbitrary code loaded from LDAP servers. This affects log4j versions between 2.0-beta9 through 2.14.1

None of the products within the VIAVI Observer suite use Log4j within the affected range of release versions. Therefore, Observer Suite is not affected by this vulnerability and no action is needed.  

January 2018

In January 2018, the exploit Processor Security Bug "Meltdown and Spectre" was announced that allows access to the operating system's sacrosanct kernel memory because of how the processors handle "speculative execution," which modern chips perform to increase performance. The CPU vulnerability can be exploited from malicious code installed on a system or by visiting web sites with malicious code embedded into a compromised webpage.

Microsoft will resolve this issue in its next publicly available security update.

Firmware updates by Intel may be released as well; however, Intel has indicated that they will not be creating a firmware update for their CPU's but instead will work with vendors, like Microsoft, to properly patch the operating system.

Due to the nature of these issues, it is recommended that any web browser be kept up to date. Please refer to the vendor of your web browser for updates.

Additionally, we recommend that all customers do the following until an official patch from Microsoft is released:

  • Disable RDP or restrict access to VIAVI hardware appliances to only those authorized persons
  • Do not access the public Internet from a web browser installed on these systems
  • If you must access web pages from the system, access only reputable sites
  • Update your web browser

November, 2017

Separately, in November, 2017, Intel announced security vulnerabilities with some of its Intel CPUs. The Observer Platform hardware does not use any of the affected processors. No action needed. This is unrelated to Meltdown and Spectre.

WannaCry ransomware Microsoft Updates that patch the WannaCry/WannaCrypt/etc. ransomware vulnerabilities are fully compatible for VIAVI Observer Platform appliances. Update immediately.

March 1, 2016

SSLv2: The Observer Platform does not use SSLv2 and is not affected by the SSL vulnerability reported March 1, 2016.