Log4J Vulnerability
Last week a vulnerability was published regarding the Apache log4j, a Java-based logging framework. The vulnerability leads to remote command execution (rce) that can easily be initiated by sending a specific string to any Java application that requires user input.
At the moment the internet is being scanned massively for hosts that have any web services open which could potentially be exploited. Our firewall vendors already have an IPS signature available that detect and drop this exploit, below an example:
Make sure your firewall has the latest IPS signature database downloaded, and IPS is enabled on any inbound firewall rules for internet-facing hosts, specifically port 80.
Our firewall vendors have the following guidelines available:
- Palo Alto Networks: https://unit42.paloaltonetworks.com/apache-log4j-vulnerability-cve-2021-44228/
- Fortinet: https://www.fortiguard.com/outbreak-alert/log4j2-vulnerability
- Barracuda Networks: https://campus.barracuda.com/news/item/2AK9N
Below a list of our vendor products that are possibly affected by this exploit. We have excluded any SaaS solutions from the list as this is the vendors responsibility:
Alcatel-Lucent Enterprise
Omniswitch / Stellar / Omnivista not affected : https://www.al-enterprise.com//en/-/media/assets/internet/documents/n-to-s/sa-c00068ed3-en.pdf
Aruba
Not affected : https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt
Barracuda Networks
Barracuda Cloudgen Firewalls not affected: https://campus.barracuda.com/news/item/2AK9N
Barracuda Web Application Firewall not affected: https://campus.barracuda.com/product/webapplicationfirewall/doc/96024300/apache-log4j-critical-vulnerability-cve-2021-44228/
Barracuda Sentinel, VPN client, Cloud Services unknown
Canary
Not affected : https://help.canary.tools/hc/en-gb/articles/4413586714001-Canary-and-the-Apache-Log4j-vulnerability-CVE-2021-44228-
Tip: use Canary token to help detect CVE-2021-44228: https://help.canary.tools/hc/en-gb/articles/4413465229201-Using-a-Canarytoken-to-help-test-for-CVE-2021-44228-log4j-log4shell-
Cisco
Under investigation: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd
Fortinet
Fortigate not affected: https://www.fortiguard.com/outbreak-alert/log4j2-vulnerability
Palo Alto Networks
Not affected: https://unit42.paloaltonetworks.com/apache-log4j-vulnerability-cve-2021-44228/
Pulse Secure
Not affected: https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR
Trend Micro
Officescan / ApexOne / WorryFree not affected: https://success.trendmicro.com/solution/000289940
Rapid7
InsightIDR not affected: https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/
