The Log4j (also called Log4Shell) software vulnerability has sent the IT world into a panic, and for good reason. Turns out that this bit of off-the-shelf Java code, which has been plugged into tens of thousands of software programs and is running on millions of devices worldwide, has a flaw that allows a bad actor to bypass the authentication step in affected programs and gain remote access into IT systems. The flaw potentially impacts consumer and enterprise software, gaming platforms, IoT devices, managed services provider (MSP) platforms, other cloud services, smartphones…pretty much every class of computing.
As David Jones, a reporter at Cybersecurity Dive, notes, “What is considered dangerous about this particular vulnerability is that an attacker does not need sophisticated programming experience or engineering background to exploit the vulnerability. They can simply write a line of code and gain remote access to a device.”
Sure enough, scans by Check Point Software have identified 3.7 million attempts to exploit the vulnerability since it was reported publicly on December 9, and that figure is growing exponentially. Check Point’s analysis estimates that nearly half of those attempts were made by known organized malicious groups, including state-sponsored hacking groups in Russia, Iran, and North Korea. A breach could lead to hackers gaining access to company and customer data, or locking companies and individuals out of their systems in a ransomware attack.
As the scope of the problem would indicate, the document imaging industry is not immune. PaperCut has issued a patch for its popular print management platform to remediate the problem, and Kofax is maintaining a list of impacted products with links to the fixes. The CareAR business unit of Xerox has reported that one version of the DocuShare content management platform employs the suspect code. But not every software or cloud service is impacted. NT-ware reports that its uniFLOW platform and associated device components are unaffected, and Ricoh is showing that its office-class devices and software platforms (including DocuWare) are not at risk (production-class printers have also been deemed as not impacted, although the company notes that further investigation is ongoing).
That said, as with any security vulnerability, it is incumbent upon customers and resellers to proactively check with their suppliers to see if software or systems in use are at risk, and to be vigilant about updating software and firmware whenever the developer or manufacturer releases a security update.