Dear Valued Customer:
As you are aware, the entire global supply chain continues to be impacted due to the Coronavirus. At this time, material shortages, extended lead times and transportation delays are impacting manufacturing. Therefore, it is probable that Tellabs deliveries will continue to face extended lead times. Our operations team members continue to work diligently with suppliers to minimize disruption of our supply chain and fulfill orders in a timely manner. We ask that our partners and customers continue to work closely with their Tellabs Account Executive to place your orders early to assist in keeping your projects on track.
Our entire organization is very focused on minimizing impact to our partners and customers. Tellabs will continue to provide exceptional service and support to our partners and customers in a safe manner.
Tellabs Log4j Security Advisory:
- The Tellabs Panorama PON EMS, Tellabs OLAN OLTs and Tellabs ONTs are NOT vulnerable to the Log4j Java vulnerability. The OLT and ONT do not contain any java based code, or any java based tools or software. The Panorama PON EMS does not use the Log4j toolkit or any of the apache frameworks.
- Our software has been actively scanned to ensure that the Log4j software is not present within any Tellabs application. Panorama PON servers and clients should be scanned with a recently updated security scanner to ensure that administrators have not installed any applications unrelated to the Tellabs software that might expose the Panorama PON Server or client machines to the vulnerability
- Panorama for T1000 management along with the T1000 series of MSAPs are NOT vulnerable to the Log4j threat. The software is all implemented in C/C++ and no Java Components are present.
- Panorama INM used in some older T1000 MSAP and voice gateway platforms does have Java based components but they do not include the log4j component and are therefore not vulnerable.
- The Oracle and Postgres databases used by the Panorama various versions of the EMS at the time of this advisory do not appear to be vulnerable but customers should be guided by any security advisories from Oracle or Postgres for future advisories from those vendors and always apply any recommended security patches.
President & CEO