Log4j Flaw: Top 10 Affected Vendors and Best Solutions to Mitigate Exploitations

essidsolutions

Organizations worldwide hastened to fix impacted systems when a severe vulnerability in the Apache Log4j library, a java logging tool extensively used across many programs and applications, was discovered. Here’s an overview of the major organizations that were walloped due to exploitation of the notorious vulnerability and a concise guide to solutions that can help mitigate its impact.

The pace at which malicious actors began leveraging easy-to-exploit zero-day vulnerabilities in Log4J Shell last week stunned organizations across sectors whose developers used the open-source logging tool frequently. 

Since last week, vendors who use susceptible Log4j technology have been scrambling to locate patches, address bugs, and work on improved versions of their products to avoid spreading the virus. Unfortunately, some of the affected products will not be patched until early 2022, while timeframes for other susceptible systems are still being determined.

Todd Carroll, CISO at CybelAngel, says that organizations running Apache Log4j should check for vulnerable versions in their environment and locations. “They should block external-facing applications that use the vulnerable library until an updated version is released. Whenever possible, they should install the most recent version of Log4j and monitor for vendor patches as they become available. In addition, they should monitor traffic to and from application workloads that may be exploited due to this vulnerability.”

Some of the most well-known technological vendors, including AWS, Adobe, and IBM, have vulnerable code in their products. Here’s a list of the top organizations that were impacted by the Log4j vulnerability. 

See More: Joker Malware Marks Another Return to the Play Store, Infects 500K Android Devices

Top 10 Impacted Vendors

Adobe

Adobe found that ColdFusion 2021 is subject to Log4Shell and released a security updateOpens a new window to address the problem on December 14. Adobe noted that there is a solution if patching is not possible right away. Even though Adobe ColdFusion uses this library, the vendor claims that no significant attack vectors or techniques have been discovered in Adobe ColdFusion.

Cisco

Cisco has released a list of its productsOpens a new window that are impacted by Log4Shell and a patching schedule that commenced from December 14.

Products from a range of categories are compromised, along with the foregoing:

  1. Devices for network and content security (Identity Services Engine, Firepower Threat Defense, Advanced Web Security Reporting Application)
  2. Social media and collaboration (Cisco Webex Meetings Server)
  3. Provisioning and network management (Cisco CloudCenter Suite Admin, Data Center Network Manager, IoT Control Center, Network Services Orchestrator, WAN Automation Engine)
  4. Routing and switching in the enterprise (Cisco Network Assurance Engine and Cisco SD-WAN vManage)

AWS

The Log4j vulnerability is being addressed by Amazon Web Services for any services that use the open-source code or deliver it to clients as part of their service. According to the Seattle-based cloud computing giant, customers who administer Log4j installations should update to the current version.

Until fixesOpens a new window for AWS Greengrass versions 1.10 and 1.11 are available, users should double-check that their customized lambda code does not exploit arbitrary stream and file descriptors beyond their purview. Customers may notice intermittent slowness until API Gateway is updated to a Log4j version that addresses the issue.

F-Secure

On both Windows and Linux, Log4Shell affects several F-Secure products, including Policy Manager (only the Policy Manager Server component), Policy Manager Proxy, Endpoint Proxy, and Elements Connector. Administrators may repair the vulnerability using a security patch released by the corporation, which comes with step-by-step instructionsOpens a new window .

Broadcom

Broadcom’s CA Advanced Authentication, Symantec SiteMinder unified access management, and VIP Authentication Hub products are all affected by the Log4j vulnerability disclosed on Monday. Symantec Endpoint Protection Manager, the company’s endpoint protection product, may also be affected. However, no harm has been confirmed.

According to the company, customers of SiteMinder should either set up the product to continue utilizing older Log4j versions safely or updateOpens a new window to Log4j 2.15.0 in their environment. Upgrading to 2.15.0 will help to reduce the likelihood of older Log4j instances being detected by vulnerability scanning tools.

Fortinet

Fortinet’s 12 productsOpens a new window are compromised by the Log4j vulnerability, allowing outsiders to inject malicious code into log messages or message parameters. Last Friday, three of the vulnerable products were patched: FortiCASB, FortiConverter Portal, and FortiCWP. According to Fortinet, FortiEDR Cloud is no longer susceptible due to the precautions taken.

FortiGuard

According to the company’s statement, over a dozen of the company’s products are vulnerable, with fixes or mitigations in place for four of them. FortiGuard said that the guidanceOpens a new window would be updated with dates for deploying upgrades for other FortiGuard products such as FortiSIEM, FortiInsight, FortiMonitor, FortiPortal, FortiPolicy, and ShieldX.

IBM

The Apache Log4j open-source library has been installed with the bugOpens a new window in both IBM Watson Explorer and WebSphere Application Server. The UDDI Registry Application and the WebSphere Application Server Admin Console are both affected. The flaw impacted specific versions of seven different IBM Watson Explorer cognitive exploration products.

Depending on the product, IBM Watson Explorer customers should upgradeOpens a new window to Version 12.0.3.8 or Version 11.0.2.12. The customer’s customizations are lost if they upgrade IBM Java Runtime after updating IBM Watson Explorer Content Analytics Studio, and they must restart the operations.

Okta

Okta released patchesOpens a new window for the Okta RADIUS Server Agent and Okta On-Prem MFA Agent to mitigate the risk posed by the Log4Shell vulnerability and highly urges users to implement the fixes through the Admin Console.

VMware

According to the company, the critical Log4j vulnerability can allow for arbitrary code execution in almost 40 VMware products, and exploitation efforts have been documentedOpens a new window . According to VMware, a hostile actor with network access to an afflicted VMware product might leverage this issue to gain total control of the target system.

Tanzu, vRealize, Spring Cloud, and Carbon Black are all affected. VMware has issued a workaround for the bulk of the systems affected by Log4j, while a patch is available for around a third of the affected devices.

See More: 8 Tips To Implement an Effective Disaster Recovery

Solutions to Combat Log4Shell’s Impact

Install the latest version of Log4j Library

Upgrading all variants of Log4j to the most recent version – Log4j 2.17.0 – is the quickest and presently most effective mitigating response. It’s available for download hereOpens a new window .

According to the Apache Software Foundation, the vulnerability CVE-2021-45105 was resolved in its newest library version. This should keep potential attacks at bay, but it won’t fix any harm that occurred before the library upgrade.

Because this vulnerability is so prevalent, it’s best to presume your environment was hacked before you upgraded your library and to start responding to data breaches right now. Even organizations that do not use Apache log services should prepare for a data breach since the implications of this zero-day pair might affect the whole attack surface.

Aqua has developed a new Log4j Rapid Vulnerability Assessment programOpens a new window

Aqua’s front-line customer success team will conduct a guided vulnerability assessment of your environment. They’ll assist you in identifying Log4j vulnerabilities in your cloud-native pipeline and deployed environment fast and correctly. The prioritized findings will assist you in identifying, sequencing, and correcting the issues. Aqua’s team will also help you develop strategies that will decrease the possibility of fresh pictures with known flaws being deployed in production.

Finding Apache Log4j with InsightVM4

InsightVM has several ways of detecting vulnerable software. The ideal strategy relies on the program and individual vulnerability in issue and the unpredictability introduced by different network topologies and Scan Engine deployment tactics. The problem becomes much more difficult when a vulnerability like CVE-2021-44228 affects a software library (Log4j) that is used to construct other software products and may not indicate its presence in an obvious way. See AttackerKBOpens a new window for a detailed examination of the vulnerability and its attack surface area.

Detecting Malicious Activities Using Behavioral Detection MethodsOpens a new window

When a new zero-day vulnerability is discovered, the priority is to determine which systems are affected and fix them as soon as possible – but this is frequently difficult. Lacework can assist users in securing themselves as they develop by tracking their cloud infrastructure for criminal attacks while patching, which is a partial bright spot. Let’s go through three things you can do to make these trying days a bit easier.

  • Find out which systems may be affected.
  • Through runtime security monitoring, you may detect any active assaults.
  • Prioritize and correct the flaws depending on their severity and context.

Check Point InfinityOpens a new window : How it works against Log4j 

The Infinity Platform from Check Point is the security platform that provides clients with pre-emptive protection against the notorious Log4j attack (Log4Shell). The tool, which uses contextual AI, allows exact avoidance of even the most complex fledgling threats while avoiding false positives. As the app and threat landscape change and expand, the security auto-refreshes without human involvement or rule sets, keeping customer web applications secure.

UpGuard Log4j Vulnerability Scanner Opens a new window

UpGuard has created a domain and IP scanner that can quickly identify vulnerable companies to CVE-2021-44228. The scanner operates by delivering a string to each website and IP address being scanned in the URL of an HTTP GET request. When a friendly LDAP connection to a secure server is created, vulnerable Log4j libraries are validated. If all external connections are prohibited, your outbound proxy/source firewalls of unsuccessful attempts to connect to UpGuard’s secure LDAP server are verified to be vulnerable to the zero-day.

More on Log4j Apache Vulnerability

Log4j Flaw: Critical Zero-day Leaves Millions of Systems at Risk

Log4j Vulnerability: Everything You Need To Know About the Zero-Day Flaw

Apache Log4j Flaw: Best Practices to Respond to the Vulnerability of the Decade

Is your organization protected against the malicious Log4Shell flaw? Comment below or let us know on LinkedInOpens a new window , TwitterOpens a new window , or FacebookOpens a new window . We’d love to hear from you!

 

Contact ESSID Solutions

    By clicking Send Message, you agree to our Terms of Use and Privacy Policy.

    Reach out to us for a free consultation on big data consultancy and development services.

    Contact

    Rua Alexandre de Sa Pinto 143
    1300-034 Lisbon
    Portugal

    [email protected] +351927159955
    Privacy Policy Terms of Service Refund and Returns Policy

    © 2024 ESSID SOLUTIONS LDA