Log4j Zero-Day

  • Device42’s discovery capability can help you identify systems vulnerable to the Log4j RCE
  • The Log4j vulnerability is critical and impacts many applications and systems
  • Device42’s software is not impacted by the Log4j vulnerability

Summary

CERT NZ revealed on Friday, December 10th, that a popular Java logging library, Log4j, has a critical remote code execution vulnerability. It carries a rare CVSS score of 10, with exploits observed in the wild. Millions of applications use Log4j, and we are seeing vulnerabilities announced by nearly every major software company, including Apple, Amazon, Cisco, Red Hat, Microsoft, and many more.

What’s impacted

Any Apache Log4j version from 2.0 to 2.14.1 is vulnerable and easily exploitable through a web request containing a simple user-supplied string. The additional challenge is that Apache and Log4j are heavily embedded in many commercial software solutions. The list of impacted solutions is growing rapidly, and the community is working together to identify potentially affected packages with version-specific details.

Device42 has concluded its full product assessment and has determined that it has no vulnerable versions of Log4j in its products or in its environments.

How do you fix it

For Apache instances in your control, upgrade Log4j to 2.16.0 as soon as possible. For situations where you cannot immediately upgrade, there is a workaround for versions 2.10 and above where you can mitigate the vulnerability:

Set log4j2.formatMsgNoLookups to true by appending the following to the java command line for starting your application:

-Dlog4j2.formatMsgNoLookups=True

How Device42 helps

As an IT discovery solution, Device42 can provide an inventory of the software deployed in an IT environment that could be potentially vulnerable to the Log4j vulnerability.  For those customers with the optional Application Dependency Mapping capability, more advanced discoveries are possible to inspect the Java JVM arguments for any references to Log4j and identify vulnerable versions along with the details of where this software is deployed in your environment.
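As an added illustration (not Device42's code or queries), the following Python script applies the version boundaries and the workaround flag from this post to JVM command lines of the kind such a discovery would collect. The sample command lines, paths and status labels are constructed for the example.

```python
import re

# Version boundaries as stated in the article: 2.0 through 2.14.1 vulnerable,
# formatMsgNoLookups workaround available from 2.10 up.
VULN_MIN, VULN_MAX, WORKAROUND_MIN = (2, 0, 0), (2, 14, 1), (2, 10, 0)

# log4j-core-<major>.<minor>[.<patch>][-qualifier].jar anywhere on the command line
JAR_RE = re.compile(r"log4j-core-(\d+)\.(\d+)(?:\.(\d+))?[^/\\:;\s]*\.jar")
# Match the property name as the article gives it; accept True/true as the value
FLAG_RE = re.compile(r"-Dlog4j2\.formatMsgNoLookups=(\S+)")


def assess(cmdline):
    """Classify one JVM command line. Returns (status, versions_found)."""
    versions = sorted({tuple(int(p or 0) for p in m.groups())
                       for m in JAR_RE.finditer(cmdline)})
    if not versions:
        return "no-log4j-core-reference", versions
    vulnerable = [v for v in versions if VULN_MIN <= v <= VULN_MAX]
    if not vulnerable:
        return "outside-vulnerable-range", versions
    flag = FLAG_RE.search(cmdline)
    if flag is None or flag.group(1).lower() != "true":
        return "vulnerable", versions
    # The workaround only takes effect on 2.10 and above
    if all(v >= WORKAROUND_MIN for v in vulnerable):
        return "vulnerable-workaround-set", versions
    return "vulnerable-workaround-ineffective", versions


# Constructed sample command lines (hypothetical paths and class names)
SAMPLES = [
    "java -cp /opt/app/lib/log4j-core-2.14.1.jar:/opt/app/app.jar com.example.Main",
    "java -Dlog4j2.formatMsgNoLookups=True -cp /opt/app/lib/log4j-core-2.13.3.jar com.example.Main",
    "java -Dlog4j2.formatMsgNoLookups=true -cp C:\\app\\lib\\log4j-core-2.8.2.jar;C:\\app\\app.jar com.example.Main",
    "java -cp /opt/app/lib/log4j-core-2.16.0.jar com.example.Main",
    "java -jar /opt/app/service.jar",
]

if __name__ == "__main__":
    for line in SAMPLES:
        status, versions = assess(line)
        print(f"{status:35} {versions}  {line[:60]}")
```

A command line only reveals jars named on it; a copy of Log4j bundled inside an application archive will not show up in this check.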

We have prepared some Device42 object query language reports that can be executed to provide a report of vulnerable software and the servers on which the software is running. These queries can be found on the Device42 GitHub here:

We have also created PowerBI dashboards to show you potentially vulnerable servers. The Device42 Log4j Dashboards can be found on the Device42 GitHub here.

We have also made reports available for our Advanced Reporting, available for download on our GitHub here. You can add these to your Device42 by going to Advanced Reporting:

And then uploading the files in the Reports pane:

Log4j Remediation Dashboarding

Using the integration between PowerBI and Device42, we have built some powerful dashboards to help your teams find and remediate Log4j issues.

Log4j Software Package Dashboard

This dashboard provides a graphical representation of how many systems have a version of a vendor’s vulnerable software package deployed along with details on which particular piece of software exists on those devices.

Log4j Application Components Dashboard

This dashboard provides an overview of all application components with command line arguments utilizing vulnerable Log4j.  These identified applications would be targets for immediate inspection and potential remediation.
