Saturday, January 15, 2022

Log4j Vulnerability overview

Log4j Vulnerability

In 2021 before the year-end holiday begins, the Log4j vulnerability came in to knowledge as an extensively active cyber attack happened across globe. It was a Zero-day vulnerability affecting the widely used Apache Log4j Java-based logging library that could be weaponized to execute malicious code or malware or in form of ransomware and allows a complete takeover of a vulnerable system.

As per Microsoft’s research it was came in to understand that, the vulnerabilities allow remote code execution by an unauthenticated attacker to gain complete access to a target system. It can be triggered when a specially crafted string is parsed and processed by the vulnerable Log4j 2 component. This could happen through any user provided input. Successful exploitation allows for arbitrary code execution in the targeted application.

This vulnerability was identified as remote code execution vulnerability with a critical to moderate rating and with a CVE code assigned as CVE-2021-44228.

A Zero-Day vulnerability is a flaw in a software or application for which no official patch or security update has been released or software manufacturer / vendor may or may not be aware of the vulnerability.

On December 14, 2021, it was noticed that Apache Log4j use cases are affected in versions 2.15.0 and earlier. Many OEM, software manufacturers were impacted due to this vulnerabilities including Cisco, Microsoft, Oracle. Many organization has published and shared their advisory for the Log4j vulnerability.

Similarly attackers have again released a false patch to support the above vulnerability loaded with ransomware and malwares. 

So again some advisory were published not to go for patch update immediately. After waiting certain period, there must be update. So All systems, including those that are not internet facing, are also potentially vulnerable to these vulnerabilities, so backend systems including all micro services should also be upgraded.  No Java version patch can mitigate these vulnerabilities. The recommended action is to update Apache Log4j. Systems that have already been updated to 2.15.0 should move to 2.16.0 or later asap for extra protection against other possible vulnerabilities.

This was just a basic knowledge about the vulnerability. Please refer to vulnerability database, specific guidelines, advisories or contact the vendor before updating any security patches.

Thanks!

-DR

at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Network Scanning Tools

Network Scanning through Nmap and Nessus Network scanning is a process used to troubleshoot active devices on a network for vulnerabilities....

  • Basics of Ethernet
    Ethernet   Ethernet is the Media access method in a network where all the device or hosts , that share data or share the bandwidth in betw...
  • Telecom | STM-1/4/16 SDH Multiplexer- Part 2
    STM-1/4/16 SDH Multiplexer In my older post I have covered the basic STM and STM-1. STM1 is a synchronous digital hierarchy (SDH) is standar...
  • General IT Controls -ITGC & GTAG
    General IT Controls (GITC or ITGC) Information Technology General Controls is a type of internal controls which is combined a set of policie...