Click here for a message from Marc Perreault our Director, Security Operations
A critical software vulnerability has been identified and is considered to be one of the most widespread security concerns in recent years. It is gaining global attention due to the prevalence of the code within almost every major technology vendor in the market.
How significant is the impact?
It scores a 10/10 on the Common Vulnerability Scoring System, meaning it is very high risk and easy for malicious actors to exploit.
How does it work?
This code is often used in web-based applications. If these applications are accessible from outside your organization, e.g. on a website, they can be easily exploited by malicious attackers to enter your environment. The vulnerability allows attackers to send a random request to the Apache Log4j library and use remote code execution (RCE) to send commands to the host computer for malicious purposes. Once a connection is established, the attacker can effectively use the machine to spread malware, set up persistence mechanisms, exfiltrate data, etc.
Where is the vulnerability found?
The vulnerability resides within the Apache Log4j library (versions 2.0 – 2.14.1) which is widely utilized code across all major technology vendors. Please see the links below for specific information.
How can I protect my environment?
1. If you are not certain what hosts or applications on your network are leveraging the Log4j library, the best mitigation path is to ensure that your firewalls and Intrusion Prevention and Detection systems are up to date with the Log4j signature and set to block detections. This will prevent the ability of an attacker to exploit the vulnerability.
2. Within Apache: If you are aware of the hosts of applications that use the Log4j library within Apache, you can upgrade to the newest version via Apache located here: Log4j – Download Apache Log4j 2.
Within other applications: For all applications that are provided by vendors other than Apache that are using the Log4j library, customers are encouraged to contact their vendor partners to determine which products are affected and how to mitigate those vulnerable versions.
We have listed some technology vendor links below. This list is not exhaustive. Please check for patches with all application vendors within your environment.
3. If the service or application isn’t critical, the system should be shut down until proper patching or IPS rules are in place.
Compugen can assist with the mitigation methods above if you require. Please contact your Account Executive or Service Delivery Manager for more details on how we can help.
Vendor notices regarding the Log4j security vulnerability:
Cisco
https://www.cisco.com/c/en/us/support/docs/csa/cisco-sa-apache-log4j-qRuKNEbd.html?dtid=osscdc000283
Microsoft
https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/
HPE
https://support.hpe.com/hpesc/public/docDisplay?docId=emr_na-a00120086en_us
Palo Alto
https://security.paloaltonetworks.com/CVE-2021-44228
Citrix
https://support.citrix.com/article/CTX335705