Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1380
Views
0
Helpful
2
Replies

Duo Gateway Linux log4j

mike.s
Level 1
Level 1

‎12-21-2021 08:16 AM

Does the Duo Gateway on Linux have any vulnerabilities related to log4j?

Labels:
0 Helpful
2 Replies 2

Amy2
Level 5
Level 5

‎12-21-2021 11:05 AM

Hi @mike.s, thanks for sharing your question here. The TL;DR version of the answer to your question is no. The longer version can be read below:

Duo has completed an initial review of all relevant product components or services and has not identified any that were vulnerable to possible attack as a result of the Log4j (CVE-2021-44228) vulnerability. We are continuing to audit our systems as a precautionary measure. Duo customers do not need to take any action at this time.

Where applicable, we have patched product components or services that used an affected version of Log4j. However, none of these systems have any known paths to exploitation. We have chosen to identify as affected but remediated on the Cisco CVE response page out of an abundance of caution as we continue our audit.

We are continuing to monitor the situation and will provide customers with further updates if any action is required.

0 Helpful

mike.s
Level 1
Level 1

‎12-21-2021 12:32 PM

Excellent news, thank you for replying!

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Quick Links
     
                  Duo Release Notes   Duo Discussion Forums      
 
 
Customers Also Viewed These Support Documents