Log4j Vulnerability Update

log4j Zeroday Vulnerability
Network Center, Inc.

The log4j security vulnerability is one of the most widespread cybersecurity threats in recent years. It affects enterprise software, custom applications, and forms part of many cloud computing services. In short, it's a really big deal.  

NCI Core Services Being Monitored:

* Green = Not Affected, Black = Affected
* View the full list or jump to vendor info by clicking below 

3CX | Amazon | Arctic Wolf | Canon | Cisco | AvePoint |Bomgar/BeyondTrust | Citrix | ConnectWise | Datto | Dell | ESET | Fortinet | Graylog | Github | Gitlab | HPE | IGEL | IT Glue/ Kaseya | IX Systems | Jamf | LionGuard | Manage Engine | Netapp | Nutanix | Palo Alto | Pure Storage | Solarwinds | Sonicwall | Tintri | Ubiquiti | Veeam | VMware | WatchGuard | Zerto  

What is logj4? 

Log4j is a free, open source software that specializes in logging. A java based library that's used by thousands of websites and applications to perform functions most don't even realize is happening, such as logging information for developers, debugging, and various other purposes. All web applications need this kind of functionality, which means the use of log4j is everywhere. 

How does the vulnerability work?

Log4j contains a security hole where data containing a specific sequence of characters sent to it through that website results in log4j fetching additional software from an external website and can run it. The vulnerability has been named Log4Shell. If exploited, an attacker can make the server that is running log4j run any software they want, including software that can take over that server (known as a Remote Code Execution attack). In short, cybercriminals have the ability to take over thousands of websites and online applications. 

What's next? 

Security is a top priority at NCI and we are closely monitoring the vulnerability as it evolves. As urgent as log4j is, further steps are not possible until vendors have addressed the risk within their products and are able to identify if the vulnerability is present. As solutions continue to emerge from vendors, we will coordinate with our customers and partners to apply the necessary patching and updates specific to individual environments. 
 

RESOURCES: 

Given the complexity of this situation, we recommend reviewing this comprehensive list from the Cybersecurity and Infrastructure Security Agency to see the real-time information regarding software vulnerabilities from vendors. 

NCI has technical resources available for security consulting. If interested, please reach out dispatch@netcenter.net to schedule a time. Hourly consulting rates will apply. 

NCI Core Services Updates:

Updated 1/10/2022
* Green = Not Affected, Black = Affected

  • 3CX - Not Affected
  • Amazon - All products have been remediated 
  • Arctic Wolf - Not Affected 
  • AvePoint - Not Affected 
  • Bomgar / BeyondTrust -  Not Affected 
  • Canon -  Not Affected. More information found here - Cannon.com/support
  • Cisco -  Cisco has found several affected products and is investigating to determine which products may be affected by these vulnerabilities. The following link will be updated with information about affected products and available patches:
  • Citrix - 2 Products Affected. For further details and patching information, visit Citrix Security Advisory resource page 
    • Endpoint Management (XenMobile Server) 
    • Citrix Virtual Apps and Desktops (XenApp & XenDesktop), Linux VDA (non-LTSR versions only)
  • ConnectWise – Not Affected
  • Datto – Not Affected
  • Dell – The following links provides details of Dell products that have been confirmed as impacted by Log4j vulnerability. For additional details, visit Dell Response to Apache Log4j Remote Execution Vulnerability
  • ESET – Not Affected
  • Fortinet – Certain Fortinet products have been confirmed as affected by the Log4j vulnerabilities. For a full list of affected and nonaffected products along with available fixes, follow this link 
  • Graylog – All versions have been fixed. Follow this link for more information on versions and recommendations. 
  • Github – Mitigation instructions posted December 14th. Click here for more information from GitHub
  • Hewlett Packard Enterprise – Several products have been confirmed affected. Click here for a comprehensive list of known product vulnerabilities. More information available here- Hewlett Packard Enterprise Product Security Vulnerability Alerts 
  • IGEL – IGEL Universal Management Suite (UMS), all versions since 5.09.100, confirmed affected by the vulnerabilities. The recommended course of action is to update to the fixed version. For more information, visit ISN 2021-11:UMS Log4j Vulnerability
  • IT Glue / Kaseya – Not affected 
  • IX Systems – Not affected 
  • Jamf – Mitigated and patched. Additional Details can be found here -community.jamf.com
  • LionGuard - Investigating. No direct risks identified. For more information visit liongard.com/faq-apache-log4j-vulnerability
  • Manage Engine – ADManager Plus has identified mitigation steps, click here for more information
  • Netapp – Several products are affected by the vulnerabilities. For a full list and remediation recommendations, follow this link: security.netapp.com/advisory
  • Nutanix – Currently no products affected 
  • Palo Alto – Not affected 
  • Pure Storage – Still under investigation. Known risks to several products associated with Log4shell CVE-2021-4428. Additional details and mitigation steps available
  • SolarWInds – Server & Application Monitor (SAM) affected, Database Performance Analyzer (DPA) affected. More details and recommendations can be found here - support.solarwinds.com
  • Sonicwall – Email Security is affected. NSM and analytics are still being investigated. For more information - sonicwall.com/vuln-detail
  • Tintri – Not affected 
  • Ubiquiti – Affected. Follow guidance in the following link: community.ui.com/releases/UniFi-Network-Application
  • Veeam – Not affected 
  • VMware – Products known to be affected as well as patching information and workarounds are listed in the VMware advisory
  • WatchGuard – Not Affected 
  • Zerto Not Affected 

 

Video Resources: 

Live Q&A