search cancel

Are NetOps products running on Windows platform affected by vulnerability CVE-2021-26414

book

Article ID: 244333

calendar_today

Updated On:

Products

DX NetOps CA Spectrum CA Network Flow Analysis (NetQos / NFA)

Issue/Introduction

Generic question whether NetOps products (Spectrum, PM, NFA, VNA) are affected by Windows vulnerability CVE-2021-26414)

May the recommended MicroSoft patch KB5004442 have any impact on the NetOps environment running on Windows platform:
https://support.microsoft.com/en-us/topic/kb5004442-manage-changes-for-windows-dcom-server-security-feature-bypass-cve-2021-26414-f1400b52-c141-43d2-941e-37ed901c769c

Environment

Release : 21.2

Component : Spectrum 
                      Network Flow Analysis

Resolution

This vulnerability is not affecting NetOps Performance Management and NetOps Virtual Network Assurance as they are running on Linux only.

We have no indication or reported problems for the CVE-2021-26414 vulnerability for NetOps Spectrum and NetOps Network Flow Analysis running on Windows platform.

According to the vulnerability details from this Microsoft link
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26414

this is an Operating System specific security issue, so they could install the related patch to enable the protection as Microsoft recommends.