Log4Shell

Sangoma Log4Shell Statement

Sangoma has conducted a review of its products and services and has concluded that our customers are not at risk from the recent announcements of the "Log4Shell" zero-day arbitrary code execution vulnerabilities registered as CVE-2021-44228 and CVE-2021-45046. Sangoma's present, as of the afternoon of December 16th, 2021, findings are as follows:

Business Voice and Business Voice Plus - Not vulnerable
Sangoma Connected Workspace - Not vulnerable
Sangoma Contact Center (StarCenter 3) - Not vulnerable
Switchvox and Switchvox Cloud - Not vulnerable
Sangoma Telephones - Not vulnerable
Sangoma Vega Gateways and Digium Gateways - Not vulnerable
Sangoma IMG Gateways - IMG 2020: Not vulnerable. IMG 1010 GCEMS utilizes log4j 1.2.17, which is prior to the affected versions.
Sangoma Session Border Controllers - Not vulnerable
Sangoma and Digium line interface cards including JCT, Diva, and CG-series - Not vulnerable
Sangoma SmartOffice Access - Not vulnerable
FreePBX Distro - Not vulnerable
Asterisk - Not vulnerable

If new information becomes available to Sangoma, we will update this article accordingly.