Critical Apache Log4j Vulnerability – What You Need to Know

December 15, 2021

Last week, a critical vulnerability dubbed Log4Shell was found in Apache’s Log4j logging tool, and it is currently affecting millions of devices around the world. Log4j is a logging library that is widely used across many different services and devices, and it is likely a lot more common than you think.

Successful exploitation of this vulnerability could allow an unauthenticated attacker to execute arbitrary code remotely. Proof-of-concept code has now been released for this vulnerability and it is being actively exploited in the wild; if left unpatched, the risk of compromise is very high, and could open the way for a number of attacks, such as credential theft, data extraction, ransomware or infection of the rest of your network.

The initial vulnerability, CVE-2021-44228, has been rated with a base CVSS score of 10.0, which is the highest / most critical score available when rating vulnerabilities.

Be aware that further vulnerabilities have been found since the initial advisory, and it is now recommended to ensure Log4j is running the updated version 2.16.0.

Does This Affect Me?

Many organisations and individuals may not even know that they are using Log4j, as it is simply a component used in different types of software; but it is almost a guarantee that most users are using it somewhere on their devices or in online services. The fact that the majority of users are unaware of the risks posed by this flaw makes it even more severe, so spreading awareness of it is very important.

Generally, we recommend applying the latest updates as soon as possible, and continuing to apply future patches as soon as they are made available.

As for organisations, understanding where Log4j may be present is essential; we strongly advise that you try to discover all instances of Log4j within your organisation and ensure that patches are applied everywhere, as soon as they become available.

Lists of affected components, apps and vendors have been published on GitHub, which may assist in identifying instances of Log4j. These lists can be found here; please consult the advisory section below for a list of other associated and useful resources.
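
As a starting point for the discovery step recommended above, the following added example (not part of the original advisory or any vendor tool) walks a directory tree, opens JAR/WAR/EAR archives including nested ones, and reports each bundled copy of log4j-core with its version and whether it is below 2.16.0. It assumes the copy keeps its standard Maven `pom.properties` and `JndiLookup.class` entry names; the function names and the sample archive are constructed for illustration.

```python
import io, pathlib, re, tempfile, zipfile

POM = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
JNDI = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
ARCHIVES = (".jar", ".war", ".ear", ".zip")
MIN_VERSION = (2, 16, 0)  # the version this advisory recommends

def _inspect(src, label, findings):
    """Check one archive (path or file object), then recurse into nested archives."""
    try:
        zf = zipfile.ZipFile(src)
    except (zipfile.BadZipFile, OSError):
        return  # not a readable zip despite its extension
    with zf:
        names = set(zf.namelist())
        if POM in names or JNDI in names:
            props = zf.read(POM).decode(errors="replace") if POM in names else ""
            m = re.search(r"^version=(\S+)", props, re.M)
            version = m.group(1) if m else None
            nums = tuple(int(n) for n in re.findall(r"\d+", version or "")[:3])
            findings.append({
                "path": label, "version": version, "jndi_lookup": JNDI in names,
                # unknown or unparsable version is flagged for manual review
                "needs_update": len(nums) < 3 or nums < MIN_VERSION})
        for name in sorted(names):
            if name.lower().endswith(ARCHIVES):
                _inspect(io.BytesIO(zf.read(name)), f"{label}!/{name}", findings)

def find_log4j(root):
    """Walk `root`; return one finding per archive that bundles log4j-core."""
    findings = []
    for path in sorted(pathlib.Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() in ARCHIVES:
            _inspect(path, str(path), findings)
    return findings

def sample_archive(entries):
    """Constructed sample input: build a zip in memory from {entry name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()

if __name__ == "__main__":
    core = sample_archive({POM: b"version=2.14.1\n", JNDI: b""})  # stand-in, not a real jar
    with tempfile.TemporaryDirectory() as d:
        pathlib.Path(d, "app.war").write_bytes(sample_archive({"WEB-INF/lib/log4j-core.jar": core}))
        print(find_log4j(d))
```

Copies that have been shaded or relocated under different package names will not match these entry names, so treat an empty result as a starting point and cross-check against the vendor lists.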

Advisories and Resources

Here are some resources and advisories to help you understand this vulnerability. As new information is released, we will update this section and try to provide a timeline of events and updates, including any changes to advisories and recommendations as vendors begin to fix their products and provide updates.

Apache Log4j Security Vulnerability Fixes | 13th December 2021

Log4j – Apache Log4j Security Vulnerabilities

Log4j Vulnerability – What Everyone Needs to Know | 14th December 2021

What the Log4j vulnerability is, who is affected - NCSC.GOV.UK

Cisco Talos Threat Advisory | 15th December 2021

Cisco Talos Intelligence Group - Comprehensive Threat Intelligence: Threat Advisory: Critical Apache Log4j vulnerability being exploited in the wild

CISA List of Affected Systems | 16th December 2021

GitHub - cisagov/log4j-affected-db

Log4Shell Spotted Spreading Ransomware | 14th December 2021

First Log4Shell attacks spreading ransomware have been spotted - The Record by Recorded Future

State Actors Exploiting Log4Shell | 15th December 2021

Relentless Log4j Attacks Include State Actors, Possible Worm | Threatpost

Exploitation of Second Log4j Vulnerability Begins | 15th December 2021

Hackers Begin Exploiting Second Log4j Vulnerability as a Third Flaw Emerges (thehackernews.com)

Log4Shell Exploits Used in Attacks Targeting Ubiquiti Network Appliances | 31st January 2022

Threat actor target Ubiquiti network appliances using Log4Shell exploits - The Record by Recorded Future

UniFi Network Application 6.5.54 Includes Log4j Fix - Addresses Exploit Used in Above Attacks

UniFi Network Application 6.5.54 | Ubiquiti Community

Author

Stuart Hare is a Technologist with a passion for helping people in all aspects of IT & Cyber Security. Stuart is the Founder of Ironshare, an Information and Cyber Security company providing consultancy and managed services.

Samuel is a Security Analyst with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.

Joshua is working as a Managed Service Lead with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.
