Log4Shell – Log4j Exploit or Groundhog Day in the Security World

Log4Shell - Log4j Exploit or Groundhog Day in the Security World

Log4Shell – Log4j Exploit or Groundhog Day in the Security World

If you caught Groundhog Day over the holiday period, you may know where this blog is going. Yes, we have another log4j vulnerability! Similar to the one announced on 18th December, this variant is certainly not as high risk as the initial issues and has a lower severity rating of “medium” (6.6, click on the link for more information on the Common Vulnerability Score System or CVSS). It has been described as enabling “an attacker with permission to modify the logging configuration file [to] construct a malicious configuration.” As such, it can only be exploited if the bad actor has already gained access, which in itself is a much bigger issue.

Regardless, we have a new CVE-ID, CVE-2021-44832, and Apache has released a new fix in the form of 2.17.1 (release notes here).

Options have updated our Firewall IPS signatures, vulnerability scanners, and AI bots accordingly. We are applying v2.17.1 to any system that we patched to v2.17.0 and using v2.17.1 going forward or applying vendor patches/mitigation steps as they are released.

To summarise, version 2.17.1 will now address each of these vulnerabilities:

CVE CVSS v3.1 Score (out of 10) NVD Published Date
CVE-2021-44832 6.6 28/12/2021
CVE-2021-45105 5.9 18/12/2021
CVE-2021-45046 9.0 14/12/2021
CVE-2021-44228 10.0 10/12/2021

 

To learn more about Options Managed Security offering, click here.

  • Options InfoSec Committee.

 

Earlier updates can be found here:

Zero-Day: Log4Shell

Zero-Day: Log4Shell Update, 14th December

Log4Shell: Log4j Exploit, A New Variant – 15th December Update

Log4Shell – Log4j Exploit, A New(er) Variant

Log4Shell – Log4j Exploit – Team Work, Automation and AI

Leave a Reply

Your email address will not be published. Required fields are marked *