The Tellabs® Panorama™ PON Manager, Tellabs Optical LAN (OLAN) Optical Line Terminals (OLT) and Optical Network Terminals (ONT) are NOT vulnerable to the Log4j Java attacks.
The Tellabs OLT and ONT do not contain any Java-based code, or any Java-based tools or software. The Panorama PON Manager does not use the Log4j toolkit or any of the Apache frameworks. Our software has been actively scanned to ensure that the Log4j software is not present within any Tellabs applications. We recommend that the Panorama PON servers, and clients, should be scanned with a recently updated security scanner to ensure that administrators have not installed any applications unrelated to the Tellabs software that might expose the Panorama PON Server or client machines to the vulnerability.
This flaw in a Java library for logging error messages in applications is currently being exploited by hackers around the world. Log4j is widely deployed within enterprise businesses and thus represents a significant global cybersecurity gap that can be manipulated by criminals. Log4j Java vulnerability is a serious security weakness and is a top concern for cybersecurity specialist as well as IT staff.
At Tellabs, all software releases, including OLTs, ONTs and Panorama PON Manager, are scanned with Nessus and other penetration testers. These scanning tools are continually evolving and updating to detect new threats and are run on a regular cadence as part of our testing procedures. These clean equipment and software security scans provide confidence to our customers that the Tellabs OLAN systems are secure.