Zero-Day Exploit Targeting Java Library Log4j
On Friday it was announced that there is a critical vulnerability in the Java library “Log4j”, and it is already being exploited by criminals. The vulnerability is rated highly critical (CVSS 10) because it can be exploited remotely by an unauthenticated attacker to execute arbitrary code.
Further information about the vulnerability (and the source of the original image): https://www.govcert.admin.ch/
Software vendors are already analyzing whether their products are vulnerable and are developing patches where necessary. As soon as our vendors tell us whether they are affected, or as soon as corresponding patches become available, we will inform our customers accordingly.
Here you can find an overview of the latest information from our vendors:
| Vendor | Latest information | Details |
|---|---|---|
| Bitglass | Not Affected | Not vulnerable: Forcepoint Bitglass |
| BlueCat | Affected | Affected: BlueCat has determined that there are no unauthenticated paths to injecting log data in BlueCat Edge. Development and testing of an upgrade to the patched Log4j version are underway, but only users you have granted access to your Edge instance could exploit the vulnerability. The Java versions and default configuration used in BlueCat Integrity 9.1, 9.2, and 9.3 prevent the worst-case exploits which use an external LDAP server. Only exploits relying on pre-loaded Java classes are viable. |
| F5 | Not Affected | Not vulnerable: BIG-IP, BIG-IQ, NGINX |
| Forcepoint | Partially Affected | Affected: Forcepoint NGFW Security Management Center Software (see article 38989 and associated Tech Alert); Forcepoint SMC Appliances (see article 38989 and associated Tech Alert); Forcepoint Web Security (investigation in progress for remediation or mitigation); Forcepoint DLP (see article 38992 and associated Tech Alert); Forcepoint Security Manager (see article 38991 and associated Tech Alert). Not affected: Forcepoint NGFW, Forcepoint NGFW VPN Client, Forcepoint Sidewinder, Forcepoint Sidewinder Control Center, Forcepoint Content Gateway, Forcepoint One Endpoint, Forcepoint DLP Endpoint, Forcepoint Web Proxy Connect Endpoint, Forcepoint Web Direct Connect Endpoint, Forcepoint NGFW ECA Agent, Forcepoint CASB Agent, Forcepoint Bitglass SSE, Forcepoint Cloud Security Gateway (CSG), Forcepoint Web Cloud Security Gateway, Forcepoint Email Security Cloud, Forcepoint User ID, Forcepoint Remote Browser Isolation, Forcepoint Private Access, Forcepoint Advanced Malware Detection |
| Fortinet | Partially Affected | Affected: FortiAIOps – Fixed in version 1.0.2; FortiCASB – Fixed on 2021-12-10; FortiConverter Portal – Fixed on 2021-12-10; FortiCWP – Fixed on 2021-12-10; FortiEDR Cloud – Not exploitable, additional precautionary mitigations put in place on 2021-12-10; FortiInsight – Not exploitable, additional precautionary mitigations being investigated; FortiIsolator – Fix scheduled for version 2.3.4; FortiMonitor – Mitigations for NCM & Elastiflow available; FortiPortal – Fixed in 6.0.8 and 5.3.8; FortiSIEM – Mitigation available; ShieldX – Fix scheduled for versions 2.1 and 3.0, ETA 2021/12/17. Not affected: FortiADC, FortiAI, FortiAnalyzer, FortiAP, FortiAP-U, FortiAuthenticator, FortiCache, FortiCarrier, FortiClient (all versions), FortiClientEMS, FortiConnect, FortiConverter, FortiDDoS, FortiDDoS-F, FortiDeceptor, FortiEDR Agent, FortiExtender, FortiMail, FortiManager, FortiNAC, FortiOS (includes FortiGate & FortiWiFi), FortiPresence, FortiProxy, FortiRecorder (includes FortiCamera), FortiSandbox, FortiSASE, FortiSOAR, FortiSwitch & FortiSwitchManager, FortiTester, FortiToken & FortiToken Mobile, FortiVoice (includes FortiPhone), FortiWeb, FortiWLC, FortiWLM, FortiAnalyzer Cloud, FortiClient Cloud, FortiExtender Cloud, FortiGate Cloud, FortiGSLB Cloud, FortiLAN Cloud (includes Switch & AP), FortiManager Cloud, FortiPenTest, FortiPhish Cloud, FortiToken Cloud, FortiWeb Cloud |
| Palo Alto Networks | PAN-OS for Panorama is affected in certain versions. | PAN-OS for Panorama is affected in certain versions. Asecus recommends updating to the newest version, 10.1, if possible. Hotfixes are still in development. Please note that the vulnerability only affects Panorama; the firewalls are not affected. Affected versions: 9.0.x, 9.1.x, 10.0.x. Not affected versions: 8.1.x, 10.1.x |
| Pentera | Affected | Affected: Pentera up to 5.0.7 is affected; a patch (version 5.0.8) will be available on Monday, December 13 |
| Proofpoint | Affected | A critical remote code execution vulnerability affecting the popular Java logging package log4j2, CVE-2021-44228, was published on December 10, 2021. The vulnerability is also referred to as Log4Shell. Scanning and exploitation of the vulnerability began shortly after the vulnerability was disclosed. Proofpoint issued an internal advisory for patching all affected production and corporate environments on the day the vulnerability was disclosed. Additionally, we are conducting an internal investigation to determine if there is any impact. We are actively monitoring for new disclosures regarding indicators of compromise and attacker tactics, techniques, and protocols. Updates to this notification will be made if there are any significant changes to the available information about the threat and will be available to customers by request. A patch for PPS is available (patch-0004293) in the meantime. |
| Swivel | Not Affected | Swivel is not using Log4j version 2. |
| IBM QRadar | Probably Affected | No official communication from IBM is available at this moment. However, the two sourced links make it seem that QRadar is probably affected. |
| SEPPmail | Not Affected | There is no Java installed on SEPPmail appliances. |
Vendors – Detail Information:
BlueCat: https://care.bluecatnetworks.com/s/detail/a8B3r000000PSMgEAO
F5: https://support.f5.com/csp/article/K19026212
Forcepoint: CVE-2021-44228 & Security-Management-Center
Fortinet: https://www.fortiguard.com/psirt/FG-IR-21-245?utm_source=blog&utm_campaign=blog
Palo Alto Networks: https://security.paloaltonetworks.com/CVE-2021-44228
Proofpoint: https://proofpointcommunities.force.com/support/kAF5Y000000sXwk?srPos=0&srKp=kaF&lang=en_US
IBM QRadar: https://www.reddit.com & https://socradar.io/
If you have any questions or need our support, do not hesitate to contact us: