A remote code execution vulnerability (CVE-2021-44228) in the Apache Log4j 2 Java library was announced on December 9th, 2021. The vulnerability has been assigned a Base Score of 10.0 Critical, the highest possible score.
The vulnerability is easily exploited, and proof of concept exploit code was published in the public domain. Threat actors have been observed actively scanning for and exploiting the vulnerability. Several exploits have been identified, and the number is expected to grow.
Log4j is one of the most popular Java logging libraries and is utilized by companies worldwide. The vulnerability affects any system running a version of Log4j >= 2.0-beta9 and <= 2.14.1. This can include end-user computers, on-premises servers, as well as cloud-based servers and services.
Organizations should take appropriate steps to identify, mitigate, and investigate any systems where Apache Log4j is in use. This includes working with critical vendors that may be impacted, such as SaaS providers, network solution vendors, and cloud providers.
Impacted Service: Released versions of Apache Log4j 2
Common Vulnerability and Exposure (CVE) ID: CVE-2021-44228
CVSS Severity Rating: 10/10
Patching & Prevention
- As a standard practice, organizations should ensure patches are applied for critical CVE’s on all systems as they become available.
- Enable IDS/IPS and firewall countermeasures where possible
- Ensure antivirus/endpoint protection is installed and up to date on all systems
- Automatic updates should be enabled for all antivirus and endpoint protection systems
- Review your organization’s current system and vendor lists, and coordinate with critical and high-risk vendors to develop mitigation strategies.
- Although the situation is still developing, most manufacturers have posted notices related to this vulnerability. Searching for “Manufacture Name CVE-2021-44228” should provide you with the most relevant results (e.g. Cisco CVE-2021-44228)