Firewall News

Top Menu

  • Home
  • Our Blog
  • Contact Us

Main Menu

  • Software Updates
  • Alerts & Bugs
  • Out of the Box
  • Home
  • Our Blog
  • Contact Us

Firewall News

Firewall News

  • Software Updates
    • WatchGuard logo

      TDR 6.0.0 is now integrated into WatchGuard Cloud

      04/01/2021
      0
    • Sophos Logo

      XG Firewall 17.5 MR14 Released

      30/07/2020
      0
    • Sophos Logo

      Sophos Firewall Manager SFM 17.1 MR4 Released

      27/07/2020
      0
    • Sophos Logo

      Sophos Enterprise console - Endpoint Security and Control v10.8.9 for Windows has ...

      16/07/2020
      0
    • Sophos Logo

      Sophos iView v3 MR-2 Released

      07/07/2020
      0
    • Sophos Logo

      SD-RED Firmware 3.0.002 Pattern Update

      06/07/2020
      0
    • Sophos Logo

      XG Firewall 17.5 MR13 Released

      06/07/2020
      0
    • Sophos Logo

      End-of-Life (EoL) announcement for old firmware v17 and v17.1 for XG Firewall

      03/07/2020
      0
    • WatchGuard logo

      Fireware 12.5.4 Now Available

      01/07/2020
      0
  • Alerts & Bugs
    • Sophos Logo

      Advisory: Sophos Central Maintenance scheduled for Saturday, April 2nd, 2022

      29/03/2022
      0
    • Sophos Logo

      Sophos: Important Product Lifecycle Updates

      03/03/2022
      0
    • WatchGuard logo

      WatchGuard Support Alert

      23/02/2022
      0
    • Sophos Logo

      Sophos: Important Product Lifecycle Reminder

      03/02/2022
      0
    • Sophos Logo

      Sophos: Product Lifecycle Information: Extended Support for Windows 7 and Windows Server ...

      31/01/2022
      0
    • Sophos Logo

      End-of-Life (EoL) announcement for Sophos SSL VPN Client

      29/11/2021
      0
    • WatchGuard logo

      WatchGuard: macOS Monterey 12.0.1 Does Not Support the AuthPoint Logon App

      09/11/2021
      0
    • Sophos Logo

      Sophos UTM Manager (SUM) End of Distribution

      04/11/2021
      0
    • WatchGuard logo

      WatchGuard: End of Sale Notice: AP420

      01/11/2021
      0
  • Out of the Box
    • WatchGuard’s Firebox T80 Earns 5-Star Rating in SC Labs Review

      17/11/2020
      0
    • WatchGuard Wins Big in CRN 2020 Tech Innovator Awards

      16/11/2020
      0
    • Coronavirus scams: what to look for and how to stop them

      02/04/2020
      0
    • Dell SonicWALL TZ 300

      Out the Box - Dell SonicWALL TZ 300

      05/07/2016
      0
    • Dell SonicWALL TZ SOHO

      Out the Box - Dell SonicWALL TZ SOHO

      05/07/2016
      0
    • WatchGuard Firebox T50

      WatchGuard Firebox T50

      31/03/2016
      0
    • WatchGuard Firebox M200

      WatchGuard Firebox M200

      31/03/2016
      0
NewsWatchGuard
Home›News›Critical RCE Vulnerability in Log4J2

Critical RCE Vulnerability in Log4J2

By admin
13/12/2021
1898
0
Share:
WatchGuard logo

December 10, 2021 By Marc Laliberte

[Updated 11-12-2021: Additional information for WatchGuard customers]

On Thursday, security researchers disclosed a critical, unauthenticated remote code execution (RCE) vulnerability in log4j2, a popular and widely used logging library for java applications. CVE-2021-44228 is a full 10.0 on the CVSS vulnerability scoring system due to a combination of how trivial the exploit is and damaging the impact is. All versions of the log4j2 are vulnerable to varying degrees with some versions (2.10 > and <= 2.14.1) having the option to disable the vulnerable functionality and the latest version (2.15.0) coming with it disabled by default.

The vulnerability involves log4j2’s handling of Java Naming and Directory Interface (JNDI) resources. JNDI is (as you may have guessed) a naming API within Java that allows applications to locate resources and objects by a naming index. Just like DNS on a network resolves a hostname to an IP address, JNDI resolves an object name to an object. As part of adding support for JNDI lookups, log4j2 interpolates log messages and attempts to look up any JNDI resources. Long story short, an attacker with control over a string that gets passed to the log4j2 logger can trick the application into requesting an LDAP lookup and grabbing a resource off a server under their control, loading it, and executing it.

In WatchGuard Threat Lab’s honeynet, we’ve seen attackers probing our honeypots and attempting to exploit the vulnerability on applications that log the User-Agent string in HTTP requests. The example below ultimately attempts to load a cryptominer when it finds a vulnerable system.

Anyone that maintains a Java application that uses log4j2 should immediately update to 2.15.0 and/or make sure JNDI lookups are disabled by setting the JVM flag “log4j2.formatMsgNoLookups” to “true” to mitigate the vulnerability. There are additional partial mitigations depending on which version of JDK you are running. For example, JDK versions greater than 6u11, 7u201, 8u191 and 11.0.1 are not affected by the LDAP attack vector but could still be attacked by loading in-app classes.

If you’re a WatchGuard customer, the Firebox, WatchGuard System Manager and Dimension are all not affected. Several WatchGuard Cloud components including Threat Detection and Response and AuthPoint were running a vulnerable version of log4j2, but use a version of JVM that is not vulnerable to the common LDAP attack vector. We have updated these components out of an abundance of caution. We are continuing to investigate internally for any additional potential impact.

Previous Article

End-of-Life (EoL) announcement for Sophos SSL VPN ...

Next Article

Advisory: Log4j zero-day vulnerability AKA Log4Shell (CVE-2021-44228)

0
Shares
  • 0
  • +
  • 0
  • 0
  • 0
  • 0

Related articles More from author

  • News

    Cybersecurity awareness is no substitute for actual end user training

    04/10/2019
    By admin
  • NewsTrendMicro

    Trend Micro Introduces Australian-First Automated Open Banking Solution for Secure Data Sharing, Built on AWS

    01/07/2020
    By admin
  • Fortinet
    FortinetNews

    Fortinet’s FortiWeb Cloud Powers Continent 8’s New WAF-as-a-Service offering

    03/02/2020
    By admin
  • SonicWall biggest update
    News

    SonicWall SonicOS 6.5, the Biggest Update in Company History, Delivers Powerful Security, Networking and Usability Capabilities

    28/09/2017
    By admin
  • NewsSophos

    Under attack? Sophos Rapid Response is here to help

    28/10/2020
    By admin
  • Sophos Cybersecurity made simple
    News

    The Impossible Puzzle of Cybersecurity

    15/08/2019
    By admin

  • WatchGuard logo
    Alerts & BugsWatchGuard

    WatchGuard GAV Outage for 11.10.5 and earlier software versions

  • XG Firewall v17-5
    News

    Sophos – XG Firewall v17.5 early access program is now live!

  • Fortinet logo
    News

    Fortinet – FortiManager 5.6: Centralized Control for Today’s Networks

Timeline

  • 29/03/2022

    Advisory: Sophos Central Maintenance scheduled for Saturday, April 2nd, 2022

  • 03/03/2022

    Sophos: Important Product Lifecycle Updates

  • 01/03/2022

    Shoring up your cybersecurity posture in light of ongoing crisis

  • 23/02/2022

    WatchGuard Support Alert

  • 03/02/2022

    Sophos: Important Product Lifecycle Reminder

Sponsored Links

Latest Comments

  • Paul Sillars
    on
    21/06/2016
    I received this in an email this morning, it was the first I heard about it ...

    Dell Software Group sold to help fund looming EMC deal

  • Paul Sillars
    on
    20/06/2016
    This is going to be an interesting one to watch. Especially after today's announcement that ...

    Ingram Micro gets distribution access to Dell’s security range in Australia

Find us on Facebook

Firewall.News Logo

This site serves more as a reference point for some of the major security vendor's updates and product/press releases

It will never be a definitive list, but it helps our customers keep up to date and also allows us to express our comment and observations as well.

About us

  • PO Box 451, North Lakes, Queensland, 4509, Australia
  • [email protected]
  • Recent

  • Popular

  • Comments

  • Sophos Logo

    Advisory: Sophos Central Maintenance scheduled for Saturday, April 2nd, 2022

    By admin
    29/03/2022
  • Sophos Logo

    Sophos: Important Product Lifecycle Updates

    By admin
    03/03/2022
  • Shoring up your cybersecurity posture in light of ongoing crisis

    By admin
    01/03/2022
  • WatchGuard logo

    WatchGuard Support Alert

    By admin
    23/02/2022
  • Dell SonicWALL Supermassive

    Ingram Micro gets distribution access to Dell’s security range in Australia

    By admin
    14/06/2016
  • Francisco Partners and Elliott Management to Acquire the Dell Software Group

    Dell Software Group sold to help fund looming EMC deal

    By admin
    21/06/2016
  • WatchGuard Firebox M500 – The Cure for HTTPS Performance Headaches

    By admin
    05/03/2015
  • Sophos Logo

    Advisory: Sophos Central Maintenance scheduled for Saturday, April 2nd, 2022

    By admin
    29/03/2022
  • Paul Sillars
    on
    21/06/2016

    Dell Software Group sold to help fund looming EMC deal

    I received this in ...
  • Paul Sillars
    on
    20/06/2016

    Ingram Micro gets distribution access to Dell’s security range in Australia

    This is going to ...

Follow Me

  • Contact
  • About Us
  • Home