The Apache Software Foundation has released a security advisory to address a Critical vulnerability: remote code execution vulnerability (CVE-2021-44228) affecting Log4j versions 2.0-beta9 to 2.14.1 dubbed Log4Shell by researchers. A remote attacker could exploit this vulnerability to take control of an affected system. This vulnerability is already being used to implant cryptocurrency miners, and researchers have detected mass scanning activity searching for servers using Log4j.
Log4j is an open-source, Java-based logging tool used in many Java-based applications widely used by enterprise applications and cloud services.
Therefore, BtCIRT urges all administrators to review the Apache Log4j 2.15.0 Announcement and upgrade to Log4j 2.15.0 or apply the recommended mitigations immediately.
Organisations that don’t currently have a vulnerability scanner can sign up for a free trial of Nessus Professional to scan for this vulnerability.
More details on the vulnerability are available at:
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd
- https://www.govcert.ch/blog/zero-day-exploit-targeting-popular-java-library-log4j/
- https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/
- https://blog.checkpoint.com/2021/12/11/protecting-against-cve-2021-44228-apache-log4j2-versions-2-14-1/
- https://www.tenable.com/blog/cve-2021-44228-proof-of-concept-for-critical-apache-log4j-remote-code-execution-vulnerability