Apache Log4j2 Vulnerability

Released: Dec 10, 2021


Severity: Critical

Vendor: Apache

Type: Attack, Vulnerability


RCE and DoS in Apache Java logging library

A 0-day exploit was discovered in the popular Java library Log4j2 that can result in Remote Code Execution (RCE). This is a widely deployed library, and while systems protected by Fortinet Security Fabric are secured by the protections below, all systems need to upgrade ASAP as this is 10.0 severity. Due to the high visibility and attention, subsequent vulnerabilities have since emerged.

Background

Log4j2 is a Java-based logging utility that is part of the Apache Software. For more details on the background, please read the Fortinet blog:
https://www.fortinet.com/blog/threat-research/critical-apache-log4j-log4shell-vulnerability-what-you-need-to-know

To view Fortinet products impacted by this vulnerability, refer to:
https://www.fortiguard.com/psirt/FG-IR-21-245

For technical information pertaining to each vulnerability, refer to the FortiGuard Threat Signals at:
https://www.fortiguard.com/threat-signal-report/4335
https://www.fortiguard.com/threat-signal-report/4339
https://www.fortiguard.com/threat-signal-report/4345
https://www.fortiguard.com/threat-signal-report/4360

Latest Development

Recent news and incidents related to cybersecurity threats encompassing various events such as data breaches, cyber-attacks, security incidents, and vulnerabilities discovered.


FortiGuard Labs continues to see active exploitation attempts, and this remains one of the top routinely exploited vulnerabilities.

  • June 27, 2024: A new campaign conducted by the Lazarus Group is seen employing new DLang-based Remote Access Trojan (RAT) malware in the wild, exploiting the Log4j vulnerability.

    https://www.fortiguard.com/outbreak-alert/lazarus-rat-attack
  • June 27, 2022: Over 6 months later, stories of Log4j2 exploits continue to be published on a near-daily basis and FortiGuard Labs continues to see active exploitation attempts. On a single day (Jun 14, 2022), FortiGuard IPS blocked over 50,000 exploits.

  • December 10, 2021: Several security-related websites picked up the vulnerability and released articles.

  • December 09, 2021: A 0-day was posted on Twitter with a PoC posted on GitHub.

FortiGuard Cybersecurity Framework

Mitigate security threats and vulnerabilities by leveraging the range of FortiGuard Services.


PROTECT
  • Lure

  • Decoy VM

  • Vulnerability

  • IPS

  • Web App Security

DETECT
  • IOC

  • Outbreak Detection

  • Threat Hunting

  • Cloud Threat Detection

RESPOND
  • Automated Response

  • Assisted Response Services

RECOVER
  • NOC/SOC Training

  • End-User Training

IDENTIFY
  • Vulnerability Management

  • Attack Surface Hardening

  • Business Reputation

  • Attack Surface Monitoring (Inside & Outside)

Threat Intelligence

Information gathered from analyzing ongoing cybersecurity events including threat actors, their tactics, techniques, and procedures (TTPs), indicators of compromise (IOCs), malware and related vulnerabilities.


Indicators of compromise: IOC Threat Activity (last 30 days)