The Symantec EDR team investigated the Log4j vulnerabilities described in CVE-2021-45046 and CVE-2021-44228. Some components of the EDR on-premises appliance contain Log4j versions that are known to be exposed to these vulnerabilities and may be impacted.
To address CVE-2021-45046, we have released a patch (hotfix). This patch (atp-patch-generic-4.6-1) applies to EDR 4.6.0, 4.6.5, and 4.6.7. If the SEDR version is earlier than 4.6.0, upgrade to the latest EDR version, 4.6.8.
To address CVE-2021-44228, Symantec strongly recommends upgrading to EDR 4.6.8. The upgrade also addresses CVE-2021-45046.
That is, if SEDR is on version 4.6.8, both CVEs (CVE-2021-45046 and CVE-2021-44228) are addressed.
To install patch atp-patch-generic-4.6-1:
- At the admin CLI of EDR, type:
- If the current version is 4.6.0, 4.6.5, or 4.6.7, proceed to step 5. If you are on a prior version, then type:
- If no errors occur during update download, type:
- Updating the software version may require up to two reboots of the EDR appliance before continuing. Once on 4.6.8, there is no need to apply the patch atp-patch-generic-4.6-1.
- To confirm the installed patches, type:
- If "atp-patch-generic-4.6-1" appears in the output, the EDR appliance is already patched for this issue. No further action is needed for this particular EDR appliance.
To check for the patch in the download repository, type:
- If "atp-patch-generic-4.6-1" does not appear in the download repository, please contact support for further assistance and reference KB #. Also copy and paste the output from this command into the case comments.
To download the patch, type:
patch download atp-patch-generic-4.6-1
- To install the patch, type:
patch install atp-patch-generic-4.6-1
- During patch installation, the patch restarts services, making the UI temporarily unavailable. If the UI remains unavailable after an hour, please file a support ticket for further assistance.