Page 2 of 2 FirstFirst 12
Results 11 to 17 of 17
  1. #11
    Newbie
    Join Date
    Jan 2022
    Posts
    1

    Default

    I'm curious too. Is it vulnerable?

  2. #12
    Untangle Ninja jcoehoorn's Avatar
    Join Date
    Mar 2010
    Location
    York, NE
    Posts
    1,935

    Default

    Command Center is NOT vulnerable to log4j!

    It was only ever brought up as an example... if not log4j today, what new vulnerability tomorrow? Ie: if you're not really using it because you only have one Untangle installation and have good VPN/remote access setup on your own, Command Center only represents increased attack surface.
    Five time Microsoft ASP.Net MVP managing a Lenovo RD330 / E5-2420 / 16GB with Untangle 16.5 to protect a 1Gbps fiber link for ~450 residential college students and associated staff and faculty

  3. #13
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,482

    Default

    Exactly due to the nature of NGFW, and Microedge, the Command Center is always additional attack surface.

    The question is, does the additional attack surface do something for you that makes it worth the risk? That's something everyone has to answer on their own.

    But no, I do not believe Command Center uses Java code, which means no Log4j at all to be vulnerable in this case. But again EVEN IF IT DID, it'd still be mitigated because the command center is 100% behind CloudFlare's amazing proxy service. And Cloudflare was very much out in front on the log4j situation just as they are everything else.

    Untangle is paying the right people to secure access to Command Center, it's gold star, doesn't get any better. Untangle has Untangle'd Command Center. You don't have to functionally worry about it.

    The product is missing features, but it's deployed very well.
    dashpuppy likes this.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  4. #14
    Master Untangler
    Join Date
    Jul 2010
    Location
    Nanaimo B.C
    Posts
    703

    Default

    Quote Originally Posted by sky-knight View Post
    Exactly due to the nature of NGFW, and Microedge, the Command Center is always additional attack surface.

    The question is, does the additional attack surface do something for you that makes it worth the risk? That's something everyone has to answer on their own.

    But no, I do not believe Command Center uses Java code, which means no Log4j at all to be vulnerable in this case. But again EVEN IF IT DID, it'd still be mitigated because the command center is 100% behind CloudFlare's amazing proxy service. And Cloudflare was very much out in front on the log4j situation just as they are everything else.

    Untangle is paying the right people to secure access to Command Center, it's gold star, doesn't get any better. Untangle has Untangle'd Command Center. You don't have to functionally worry about it.

    The product is missing features, but it's deployed very well.
    Now they just need to setup proper 2fa instead of email 2fa codes DAMN i can wish hard on this !
    Started Youtube Channel, Have a question about Untangle Ask me : jason @ jasonslab.ca
    https://www.youtube.com/c/jasonslabvideos << Please like and subscribe, helps me out !!

  5. #15
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,482

    Default

    Quote Originally Posted by dashpuppy View Post
    Now they just need to setup proper 2fa instead of email 2fa codes DAMN i can wish hard on this !
    The only thing worse than bad software is good software that's almost perfect!
    dashpuppy likes this.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  6. #16
    Master Untangler
    Join Date
    Jul 2010
    Location
    Nanaimo B.C
    Posts
    703

    Default

    Quote Originally Posted by sky-knight View Post
    The only thing worse than bad software is good software that's almost perfect!
    I'll drink to that !
    Started Youtube Channel, Have a question about Untangle Ask me : jason @ jasonslab.ca
    https://www.youtube.com/c/jasonslabvideos << Please like and subscribe, helps me out !!

  7. #17
    Untangle Ninja
    WebFooL's Avatar
    Join Date
    Jan 2009
    Location
    Sweden (Eskilstuna)
    Posts
    5,042

    Default

    Back to the first post.

    My guess would be that scoutiq is activated in your virus blocker app.
    https://www.untangle.com/cloud/scout-iq/

    My guess is that Scoutiq is connected to CMD and pushes data to that platform.

Page 2 of 2 FirstFirst 12

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2