Security Alert

Apache Log4j2 CVE-2021-44228: Vulnerability Response

RAD has been investigating the potential impact of the recently announced Apache Log4j2 vulnerability, CVE-2021-44228 (CVE: Common Vulnerabilities and Exposures).

 

Following the investigation, we have identified a few RADview versions that are affected, as detailed below. A few other products – also detailed below – are still under investigation.

IMPORTANT: All other RAD products not listed below were investigated and determined not to be affected.

Affected RAD Products and Recommended Course of Action
At present, the only RAD products that were found vulnerable are:

  1. RADview versions 4.x running Red Hat/CentOS 8.x:
    • A patch from Oracle is available.
    • Contact RAD Global Services to arrange this fix.

  2. RADview Central version 6.9.x:
    • We are now working on a fix, which will be released to relevant customers as soon as it is ready.
    • While awaiting the fix, we recommend you stop RADview Central from the Admin Server – see instructions below.

  3. Web PM Portal in RADview versions 5.x and 6.x:
    • The RADview PM Web Server, which is part of the standard installation, is vulnerable.
    • To solve the CVE-2021-44228 vulnerability of the Web PM Portal, we have released a new patch – v3d – for RADview v6.9.
    • We recommend that you upgrade your RADview version to the latest 6.9 release and deploy patch v3d.
    • If RADview 6.x is deployed on top of RH/CentOS version 8.x, note that you are also required to patch the embedded Oracle 19 version. Contact RAD Professional Services for further instructions and support.

Procedure for Stopping RADview Central v6.9.x

  • Go to the Admin Server.
  • In the Installation Directory, run the following command:
      # ansible-playbook -i hosts rv_stop.yml

Procedure for Disabling the Web PM Portal
RADview 5.x, 6.x Installations

The following procedure will stop and disable the Web PM Portal component in RADview 5.x and 6.x setups:

  1. Stop the RADview FE (Front End) server.
  2. Stop the RADview BE (Back End) server.
  3. Edit the runner1.xml file, located under the c:\RV32\ems\conf directory in Windows and under /opt/MNG/MNGVIEWHP/ems/conf in Linux, and comment out the apache section, for example:
     <!--apacheTomcat>
         <start>
             <cmd>C:\RV32/WAN/apache/tomcat/bin/startup.bat</cmd>
             <wait>false</wait>
         </start>
         <stop>
             <cmd>C:\RV32/WAN/apache/tomcat/bin/shutdown.bat -force</cmd>
             <wait>true</wait>
         </stop>
     </apacheTomcat-->

  4. Start the RADview BE server.
  5. Start the RADview FE server.
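
A check for step 3, as an added example that is not RAD's code: it reports whether the apacheTomcat section of runner1.xml is still live configuration after the edit. Only the apacheTomcat fragment comes from this advisory; the `<runner>` root, the `<otherService>` sibling and the function name are assumptions made for the sample.

```python
import re
import sys
import xml.etree.ElementTree as ET

# Constructed samples: only the apacheTomcat fragment is from the advisory;
# the <runner> root and <otherService> sibling are assumed for illustration.
ACTIVE = r"""<runner>
  <otherService><start><cmd>svc.bat</cmd></start></otherService>
  <apacheTomcat>
    <start>
      <cmd>C:\RV32/WAN/apache/tomcat/bin/startup.bat</cmd>
      <wait>false</wait>
    </start>
    <stop>
      <cmd>C:\RV32/WAN/apache/tomcat/bin/shutdown.bat -force</cmd>
      <wait>true</wait>
    </stop>
  </apacheTomcat>
</runner>"""
DISABLED = ACTIVE.replace("<apacheTomcat>", "<!--apacheTomcat>").replace(
    "</apacheTomcat>", "</apacheTomcat-->")

COMMENTED = re.compile(r"<!--\s*apacheTomcat\b.*?apacheTomcat\s*-->", re.S)


def web_pm_portal_state(xml_text):
    """Return 'active', 'disabled', 'absent' or 'unparseable'."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError:
        # e.g. the opening "<!--" was added without the closing "-->"
        return "unparseable"
    # The parser discards comments, so any apacheTomcat element still found
    # is live configuration, even if a commented-out copy also exists.
    if next(root.iter("apacheTomcat"), None) is not None:
        return "active"
    return "disabled" if COMMENTED.search(xml_text) else "absent"


if __name__ == "__main__":
    # Usage: python check_runner.py <path to runner1.xml> ...
    for path in sys.argv[1:]:
        with open(path, encoding="utf-8", errors="replace") as fh:
            print(path, web_pm_portal_state(fh.read()))
```

A result of "active" or "unparseable" means the edit in step 3 needs to be redone before the BE and FE servers are started again.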

Moving Forward

 

RAD is continuously investigating and monitoring this situation, in line with ongoing global updates and best practices. We will keep you informed if any other RAD product is found to be affected by this CVE.

For further questions, contact RAD Global Services.

Last updated May 26, 2022
 
