Updated January 3, 2022

What is Log4Shell (CVE-2021-44228)?

Log4Shell is a previously unknown vulnerability in the logging (Log4j) software used by many applications that use the Java programming language. Most notably, this software is used in the Apache webserver which can be found in many applications that use a web-based front end for web-based APIs.

It was first publicly disclosed on December 9, 2021, and is estimated to impact hundreds of millions of devices.

For More Information:


Next Steps

Because of the severity and wide reach of this vulnerability, you need to make sure your security systems are not impacted. We’ve compiled a list of our most installed systems and the impact of Log4Shell below.

If you have an active maintenance contract and your system is vulnerable, we will be reaching out to schedule a support ticket for resolution. If you are not covered under a maintenance agreement or are unsure if your products are secure, please contact our service department.

Don’t know where to start?

Contact our Service Department today by email (service@adirondacksecurity.com)  or call 518-452-0124 option 2

ManufactureSystem TypesImpacted
LenelDoor Access Control, Video, and Visitor ManagementYes
S2Access Control and VideoYes
AxisCameras and Video Management SystemNo
MilestoneVideo Management SystemNo
Ava AwareCloud-Based Video Management SystemNo
ExacqVideo Management SystemNo
Hanwah/SamsungCameras and Video Management SystemNo
OpenpathCloud-Based Door Access ControlNo
BrivoCloud-Based Door Access ControlNo
EagleEyeCloud-Based Video Management SystemYes
AiPhoneIntercom SystemNo
UbiquitiPoint to Point Wireless, Switches, and Wireless Access PointsYes
BoschCameras, Alarm SystemsUnder Review
Interlogix TruPortalDoor Acces ControlUnder Review


Door Access Control, Video, and Visitor Management

Impacted Systems

  • Lenel OnGuard software versions 8.0 (and 8.0 Update 1)


Statement from Lenel/S2

Our December 16, 2021 memo provided a temporary mitigation for OnGuard software versions 8.0 and 8.0 Update 1, which disabled the vulnerable Log4j code but also disabled the “OnGuard Reporting & Dashboards” functionality. As of Friday, December 17, 2021, a patch is now available for these OnGuard versions that updates the Log4j components to the latest version as of that date, providing a permanent fix for the known Log4j vulnerabilities.


Access Control and Video

Impacted Systems

  • NetBox version 5.4.3 and below
  • NetBox Global software versions 3.0 and below
  • VRx software versions 5.4.2 and below
  • Elements Video Recorder version 2021-1209A and below.
  • NetVR™ software versions 5.4.3 and below


Statement from Lenel/S2

The products listed above (other than OnGuard software versions 8.0 and 8.0 Update 1) do contain Log4j version 1.2.x, however, that Log4j tool is vulnerable only when configured to use JMSAppender (as explained in CVE-2021-4104 ), which is not the case in any of these Lenels2 products. Nonetheless, it is still our intention to provide updates for these products to eliminate the vulnerable version of Log4j.


Video Management System

Not Impacted



Cameras and Video Management System

Not Impacted


Ava Aware

Cloud Based Video Management System Cameras

Not Impacted

Statement from Ava

Ava Aware: All Stable versions – NOT Impacted All Beta versions – NOT Impacted

Ava Cameras: All Stable versions – NOT Impacted All Beta versions – NOT Impacted

Ava Aware Mobile Apps (IOS + Android): All versions – NOT Impacted

Ava Cloud: NOT Impacted


Video Management System

Not Impacted



Cameras and Video Management System

Not Impacted



Cloud-Based Door Access System

Not Impacted



Cloud-Based Door Access System

Not Impacted

Statement from Brivo

Brivo does not utilize Log4j for logging within our applications. Brivo’s engineering and
cybersecurity teams are currently analyzing all 3rd party integrations and external
dependencies with other systems to ensure that this vulnerability is not present anywhere
within the larger Brivo ecosystem.


Cloud-Based Video Management System

Fixes being delivered automatically:



Not Impacted


Point to Point Wireless Network and Wireless Access Points

Impacted Systems

  • Ubiquiti Network Control


Update the UniFi Network application to Version 6.5.54 or later.



Under Review

Bosch will release updates here:


Interlogix TruPortal

Under Review

By | 2024-01-24T21:10:38+00:00 December 17th, 2021|Categories: Uncategorized|Tags: , |0 Comments

About the Author: