Description
Security researchers has discovered a new zero-day vulnerability dubbed Log4Shell in Apache Log4j Java-based logging library tracked as CVE-2021-44228 which has scored a perfect 10/10 in the CVSS rating (Critical). The vulnerability allows a remote unauthenticated attacker to execute arbitrary code on the vulnerable system and affects all versions from 2.0-beta9 to 2.14.1, this vulnerability can be exploited through a single string of text. Successful exploitation of this vulnerability could lead to a complete system takeover.
Some experts are calling this one of the most critical vulnerabilities they have seen in years!
Recommendations:
It is recommended to update Log4j to its latest version 2.15.0
Block all IOC’s on firewall
Check all internet facing applications that are vulnerable to the exploit in the environment
Reference URLS:
Recommendations for IOCs:
Workaround:
For releases >=2.10:
Vulnerability can be mitigated by setting either the system property "log4j2.formatMsgNoLookups"
Or
the environment variable "LOG4J_FORMAT_MSG_NO_LOOKUPS" to “true”
For releases from 2.0-beta9 to 2.10.0:
The mitigation is to remove the "JndiLookup" class from the classpath:”zip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class”.
Reference URLs for IOCs:
https://logging.apache.org/log4j/2.x/security.html https://www.virustotal.com/gui/collection/04c6ab336e767ae9caee992902c4f3039ccee24df7458cd7cbaf3182644b3044 https://github.com/CriticalPathSecurity/Zeek-IntelligenceFeeds/blob/master/log4j_ip.intel https://gist.github.com/gnremy/c546c7911d5f876f263309d7161a7217
Kommentarer