Neat Statement on the Log4Shell Exploit

Last updated December 14, 2021

CVE-2021-44228

Earlier this week, a serious vulnerability in a commonly used open-source logging library was exposed and is being actively exploited across the internet, putting a lot of organizations at risk, including the likes of corporate giants like Apple, Amazon, Tesla and Microsoft.

You can read more about it here: https://www.theverge.com/2021/12/10/22828303/log4j-library-vulnerability-log4shell-zero-day-exploit

How serious is it?
It’s a 0-Day vulnerability, meaning it’s top priority and every effort should be made to patch affected servers as quickly as possible.

Who does it affect?
Organizations with servers running the open-source Java logging library log4j.

Does that include Neat devices?
No. We do not run this logging library on any of our servers or devices.

What is Neat’s exposure?
We have zero direct exposure to this exploit as we are not running this library anywhere within our organization, or on our devices. We’ve interrogated all our hardware devices, environments, services, cloud platforms, and are confident we are not directly exposed to an attack through this exploit. Our products and underlying services remain secure and unaffected. Furthermore, we have reached out to our third-party vendors that we use for client management and sales processes to assess how they might be affected. If there’s anything to be concerned about here from a privacy point of view, we’ll reach out and let you know. As of right now, there’s no indication that we need to be worried.

How will this affect Zoom / Teams?
As of right now, they have remained unaffected, and we’re working closely with Zoom and Microsoft to understand if this might change in the coming days.

Can I expect disruption to internet services in general?
It’s a fluid situation and the attack is spreading fast across the internet, which may affect underlying services that we, and other companies that provide great services, have come to rely on. Affected companies will need time to patch their servers, and it’s not unreasonable to expect that some downtime may be experienced somewhere along the chain of dependencies that we use in our every day lives.

Is there anything I need to do with regards to my Neat devices?
No. We’ve got you covered, and we will let you know if there’s any action needed in the future.

If you have any further questions or security concerns, please send an email to security@neat.no or log a ticket with our customer support.