12.10.2021

Critical – Vulnerability for Log4j, CVE-2021-44228, Log4Shell

MCNC Admin Avatar
By MCNC Admin
Alert
  • facebook share link
  • twitter share link
  • linkedin share link
  • mail share link

Date of Notice: 12/10/2021

Action Level - Critical

Description

As part of our Edgeguard service, MCNC would like to make you aware of a new threat affecting the Java logging utility Log4j. This is being tracked as CVE-2021-44228. Apache documentation here.

In all Log4j versions >= 2.0-beta9 and <= 2.14.1 JNDI features used in configuration, log messages, and parameters can be exploited by an attacker to perform remote code execution. Specifically, an attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled.

Due to the widespread usage of this utility, it is safe to assume that most devices and services are affected. This was originally discovered as a Minecraft exploit but also affects gaming services such as Steam, websites like Apple, Amazon, and Twitter, as well as services such as Apache Struts, Apache Druid, and ElasticSearch.

Affected Devices

  • There is no finite list of affected devices. Verify what network connected devices and services you have and monitor those vendors for further security alerts and possible patches.
    • While this vulnerability affects Log4j, it is possible that a given vendor implementation may not be vulnerable.

Attack Vector

Any attacker with network access that can pass text to the given device could potentially exploit this vulnerability.

Attack Feasibility

Proof of concepts and live testing are occurring. Security researchers are reporting attacks on their honeypots.

Mitigations

The only way to mitigate a device that you have determined to be vulnerable is to remove network access until patches become available.

If you are maintaining your own Log4j service you can use the following:

  • Adding -Dlog4j2.formatMsgNoLookups=true to your JVM args
  • log4j2.formatMsgNoLookups=True

Remediation

Monitor vendor web pages and patch immediately when possible.

<-- Return to Cybersecurity Alerts...

MCNC Admin
MCNC Admin
MCNC
PO Box 12889
3021 East Cornwallis Road
RTP, NC 27709-2889
919-248-1900 Phone | 919-248-1101 Fax
Connect With Uslinkedintwitterfacebookyoutube
© 2022 MCNC