The Apache Software Foundation has released a security advisory to address Remote Code Execution vulnerabilities (CVE-2021-44228, CVE-2021-45046 and CVE-2021-44832) and a Denial of Service vulnerability (CVE-2021-45105) that are being actively exploited in the wild. A remote attacker could exploit these vulnerabilities to take control of an affected system. Log4j is an open-source, Java-based logging utility widely used by enterprise applications and cloud services. System administrators should remediate immediately.
In Apache Log4j versions 2.0 through 2.14.1, the JNDI features used in configuration, log messages, and parameters do not protect against attacker-controlled LDAP and other JNDI-related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled (CVE-2021-44228). From Log4j 2.15.0, this behavior is disabled by default.
However, the fix in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. It could allow attackers with control over Thread Context Map (MDC) input data, when the logging configuration uses a non-default Pattern Layout with a Context Lookup (for example, $${ctx:loginId}), to craft malicious input data using a JNDI Lookup pattern, resulting in an information leak and remote code execution in some environments and local code execution in all environments (CVE-2021-45046). Log4j 2.16.0 fixes this issue by removing the message lookups feature.
A further finding: Apache Log4j2 versions 2.0-beta7 through 2.17.0 are vulnerable to a remote code execution (RCE) attack in which an attacker with permission to modify the logging configuration file can construct a malicious configuration using a JDBC Appender with a data source referencing a JNDI URI, which can execute remote code (CVE-2021-44832). This issue is fixed by limiting JNDI data source names to the java protocol in Log4j2 versions 2.17.1, 2.12.4, and 2.3.2.
CVE-2021-45105 (Denial of Service Vulnerability)
It was found that Apache Log4j2 versions 2.0-alpha1 through 2.16.0 did not protect against uncontrolled recursion from self-referential lookups. This could allow attackers with control over Thread Context Map (MDC) input data, when the logging configuration uses a non-default Pattern Layout with a Context Lookup (for example, $${ctx:loginId}), to craft malicious input data that contains a recursive lookup, resulting in a StackOverflowError that terminates the process. This is a denial of service (DoS) attack. The issue was fixed in Log4j 2.17.0, 2.12.3 and 2.3.1.
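An added example, not part of this advisory or of Apache's own tooling, that turns the version ranges and fix versions stated above into a check a defender can run over an inventory of Log4j version strings. It assumes the oldest tag the advisory mentions, 2.0-alpha1, as the lower bound for CVE-2021-44228 and CVE-2021-45046 (the advisory gives none), and reports "check back-port branch" for 2.3.x and 2.12.x builds wherever the advisory lists no back-ported fix for a CVE.

```python
"""Classify a Log4j 2.x version against the four CVEs in this advisory."""
import re
from typing import Dict, Tuple

# Pre-release tags sort before the final release: alpha < beta < rc < final.
_PRE_RANK = {"alpha": 0, "beta": 1, "rc": 2}
Version = Tuple[int, int, int, int, int]  # major, minor, patch, pre-rank, pre-num


def parse_version(text: str) -> Version:
    """'2.0-beta7' -> (2, 0, 0, 1, 7); '2.17.1' -> (2, 17, 1, 3, 0)."""
    m = re.fullmatch(r"(\d+)\.(\d+)(?:\.(\d+))?(?:-(alpha|beta|rc)(\d+))?",
                     text.strip().lower())
    if not m:
        raise ValueError(f"unrecognised Log4j version: {text!r}")
    major, minor, patch, pre, num = m.groups()
    return (int(major), int(minor), int(patch or 0),
            _PRE_RANK[pre] if pre else 3, int(num or 0))


# First affected version and first fixed version per branch, as stated in the
# advisory. "main" is the current 2.x line; 2.3.x (Java 6) and 2.12.x (Java 7)
# are back-port branches. Lower bound 2.0-alpha1 for the first two is assumed.
ADVISORY = {
    "CVE-2021-44228": ("2.0-alpha1", {"main": "2.15.0"}),
    "CVE-2021-45046": ("2.0-alpha1", {"main": "2.16.0"}),
    "CVE-2021-45105": ("2.0-alpha1", {"main": "2.17.0", "2.12": "2.12.3", "2.3": "2.3.1"}),
    "CVE-2021-44832": ("2.0-beta7",  {"main": "2.17.1", "2.12": "2.12.4", "2.3": "2.3.2"}),
}


def branch_of(v: Version) -> str:
    """Map a parsed 2.x version to the branch that received its fixes."""
    return {3: "2.3", 12: "2.12"}.get(v[1], "main")


def classify(version: str) -> Dict[str, str]:
    """Return a per-CVE status: not affected / affected / fixed / check back-port branch."""
    v = parse_version(version)
    if v[0] != 2:
        return {cve: "not a Log4j 2.x version" for cve in ADVISORY}
    branch = branch_of(v)
    result: Dict[str, str] = {}
    for cve, (first, fixes) in ADVISORY.items():
        if v < parse_version(first):
            result[cve] = "not affected"
        elif branch not in fixes:
            # The advisory names no back-port for this CVE on this branch.
            result[cve] = "check back-port branch"
        elif v >= parse_version(fixes[branch]):
            result[cve] = "fixed"
        else:
            result[cve] = "affected"
    return result
```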
Severity Level
Critical
Affected Systems & Remediation
(1) Products confirmed affected:

Product: Apache
Affected Systems: All Apache Log4j Java Library versions from 2.0-alpha1 to 2.17.0.
Hotfix status: Log4j 2.17.1 is ready.
Remediation: Upgrade to Log4j 2.17.1 or apply the recommended mitigations immediately.

Product: Palo Alto Networks (PAN-OS for Panorama)
Affected Systems: PAN-OS 9.0, PAN-OS 9.1, and PAN-OS 10.0 versions for Panorama. This issue is only applicable to Panorama hardware and virtual appliances that have run in Panorama Mode or Log Collector Mode as part of a Collector Group. You can determine if the Panorama is part of a Collector Group by visiting 'Panorama > Managed Collectors' from the web interface.
Hotfix status: Fixes in PAN-OS 9.0.15, PAN-OS 9.1.12-h3, PAN-OS 10.0.8-h8 are available.
Remediation: Please apply the fix immediately. If Panorama is running an impacted version of PAN-OS, and you are able to upgrade to PAN-OS 10.1, upgrade all appliances in affected Collector Groups to the latest PAN-OS 10.1 Preferred release (PAN-OS 10.1.3-h1 at time of publication) to remediate these issues.
NOTE: Downgrading to PAN-OS 10.0 or earlier PAN-OS versions is not currently supported once Panorama is upgraded to PAN-OS 10.1.

Reference (vendor protections):
Kaspersky: Kaspersky products protect against attacks leveraging the vulnerability under the following names: UMIDS:Intrusion.Generic.CVE-2021-44228 and PDM:Exploit.Win32.Generic.
Palo Alto: Applications and Threats Content version 8502 released.
Fortinet: Fortinet has additional research relating to Log4j. This blog discusses the vulnerability, what protections Fortinet has in place to protect our customers, and the work being done to ensure that Fortinet products are not susceptible to this vulnerability. This Threat Signal provides answers to some additional questions surrounding the vulnerability.