Log4j2 Security Vulnerabilities CVE-2021-45046 / CVE-2021-44228
Overview
Log4j 2 is a Java-based logging library that is widely used in business system development, included in various open-source libraries, and directly embedded in major software applications.
This recommendation provides a list of devices and paths where a vulnerable Apache Log4j 2 version was found.
To fix the vulnerability, either deploy a relevant software update issued by the vendor or upgrade the Apache Log4j library component to a newer version.
CVE-2021-45046 Detail – Severity Critical
This vulnerability affects the following vendors: Apache, Debian, Code42, Tableau, NetApp, Elasticsearch, Symantec, VMware, Splunk, Oracle, IBM, JBoss, Dell, Dell EMC, Neo4j, PaperCut, SonicWall, Intel, Schneider Electric, Siemens, Fedora, Ubuntu, SUSE, Amazon. To view more details about this vulnerability, please visit the vendor website.

It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. When the logging configuration uses a non-default Pattern Layout with a Context Lookup (for example, $${ctx:loginId}), attackers with control over Thread Context Map (MDC) input data can craft malicious input data using a JNDI Lookup pattern, resulting in an information leak and remote code execution in some environments and local code execution in all environments; remote code execution has been demonstrated on macOS but no other tested environments.
CVE-2021-44228 Detail
This vulnerability affects the following vendors: Apache, NetApp, Elasticsearch, Symantec, VMware, Splunk, Ubuntu, Oracle, Red Hat, CentOS, SUSE, Debian, Ubiquiti Networks, IBM, JBoss, Dell, Metabase, Neo4j, openHAB, Dell EMC, PaperCut, Philips, SonicWall, Tableau, Code42, Intel, Ivanti, Schneider Electric, Siemens, Avaya, Fedora, Cisco, Snow Software, Bentley, Percussion, Microsoft, Amazon. To view more details about this vulnerability, please visit the vendor website.

Apache Log4j2 JNDI features do not protect against attacker-controlled LDAP and other JNDI-related endpoints. Apache Log4j versions prior to 2.15.0 are susceptible to a vulnerability. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From Log4j 2.15.0, this behavior has been disabled by default. The full list of impacted applications has not yet been determined at this point. Microsoft is continuously investigating the vulnerability and affected applications. We will update this entry with additional information and guidance as more details become available.
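The following added example, which is not part of the original advisory or mLogica's tooling, shows one way to produce a list of paths carrying an affected log4j-core version: it reads the Maven `pom.properties` entry inside each archive, including nested jars, and flags versions using only the thresholds stated in the two CVE descriptions above. The function names and the sample archives are constructed for illustration.

```python
import io
import re
import zipfile

# Maven metadata entry carried by log4j-core jars.
POM = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"

def classify(version):
    """Map a log4j-core version to the CVEs this advisory ties to it."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", version)
    if not m:
        return ["unknown version"]
    v = tuple(int(x or 0) for x in m.groups())
    if v < (2, 15, 0):
        return ["CVE-2021-44228"]  # "versions prior to 2.15.0"
    return ["CVE-2021-45046"] if v == (2, 15, 0) else []

def scan_archive(data, label, findings=None, depth=0):
    """Collect (path, version, cves) for each log4j-core in a jar/war/ear."""
    findings = [] if findings is None else findings
    if not zipfile.is_zipfile(data):
        return findings  # skip entries that are not real archives
    with zipfile.ZipFile(data) as zf:
        names = zf.namelist()
        if POM in names:
            m = re.search(r"^version=(\S+)", zf.read(POM).decode("utf-8", "replace"), re.M)
            version = m.group(1) if m else "?"
            findings.append((label, version, classify(version)))
        for name in names:
            if depth < 3 and name.lower().endswith((".jar", ".war", ".ear")):
                scan_archive(io.BytesIO(zf.read(name)), f"{label}!/{name}", findings, depth + 1)
    return findings

def make_jar(entries):
    """Build a constructed in-memory archive for the demo (not a real Log4j jar)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, blob in entries.items():
            zf.writestr(name, blob)
    return buf.getvalue()

def demo():
    old = make_jar({POM: "artifactId=log4j-core\nversion=2.14.1\n"})
    app = make_jar({"BOOT-INF/lib/log4j-core-2.14.1.jar": old})
    mid = make_jar({POM: "artifactId=log4j-core\nversion=2.15.0\n"})
    return scan_archive(io.BytesIO(app), "app.jar") + scan_archive(io.BytesIO(mid), "core.jar")

if __name__ == "__main__":
    print(demo())
```

Archives repackaged without Maven metadata (for example shaded jars) are not detected by this check, so an empty result is not proof that Log4j is absent.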
References
NVD, Oracle, Ubuntu, SUSE, Amazon Linux
https://github.com/tangxiaofeng7/CVE-2021-44228-Apache-Log4j-Rce
https://bug.cyberkendra.com/2021/12/09/log4j-remote-code-execution
https://www.exploit-db.com/exploits/50590
https://www.exploit-db.com/exploits/50592
https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Effective Security Severity Level
Severity Critical
Affected Systems
mLogica products are not affected by these vulnerabilities.
Tests and Certifications
mLogica has evaluated all mLogica products for potential vulnerabilities and performed certification testing with the available patches and workarounds for all mLogica systems and products that are affected. It was determined that the available patches and workarounds can be safely deployed with no impact to mLogica systems and products.
Actions Taken for Hosted (Cloud) Systems
Required Actions
mLogica products are being tested to confirm that they are not affected by these vulnerabilities.
Exploitation and Public Announcements
The mLogica Security Incident Response Team (SIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory in the context of mLogica products.
Record of Changes
| Type of information | Document Data |
|---|---|
| Document Title: | Security Advisory – Log4j2 Security Vulnerabilities CVE-2021-45046 – CVE-2021-44228 |
| Document Owner: | mLogica Chief Information Security Officer (CISO) |
| Approved by: | Robert Ponnaiyan |
| Issued: | 30 August 2022 |
| Reviewed & Revised: | 30 August 2022 |
Revision Control
| Version Number | Nature of Change | Date Approved |
|---|---|---|
| 1.0 | | |
Document Distribution and Review
The document owner will distribute this document to all approvers when it is first created and as changes or updates are made. This document will be reviewed and updated regularly or upon written request by an approver or stakeholder. Questions or feedback about this document can be directed to the owner or a listed approver.