Several weeks ago, a remote code execution vulnerability was identified in the Log4j2 Apache library. This vulnerability spans versions 2.0-beta7 to 2.17.0 with the exception of intermediate versions 2.3.2 and 2.12.4. The vulnerability may be addressed by updating the module to version 2.17.1 or newer.
For the CVE related to this vulnerability, please see the following link: https://nvd.nist.gov/vuln/detail/CVE-2021-44832
The United States Cybersecurity & Infrastructure Agency (CISA) released the following statement regarding the vulnerability: https://nvd.nist.gov/vuln/detail/CVE-2021-44832
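The affected range stated at the top of this post can be checked against a jar inventory. The following is an added example, not code from the original post or from Apache; the jar paths are constructed, and it assumes jars keep their Maven file name `log4j-core-<version>.jar`.

```python
import re

# Assumption: the core artifact keeps its Maven file name.
JAR_RE = re.compile(r"log4j-core-(\d+(?:\.\d+)*(?:-(?:alpha|beta|rc)\d+)?)\.jar$", re.I)
# Pre-release tags sort below the final release with the same number.
STAGE = {"alpha": 0, "beta": 1, "rc": 2, "": 3}
EXCEPTIONS = {"2.3.2", "2.12.4"}  # versions the post lists as not affected

def parse_version(text):
    """Turn '2.0-beta7' or '2.17.0' into a tuple that sorts correctly."""
    m = re.fullmatch(r"(\d+(?:\.\d+)*)(?:-(alpha|beta|rc)(\d+))?", text.lower())
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    nums = [int(n) for n in m.group(1).split(".")]
    nums += [0] * (3 - len(nums))  # pad '2.0' to (2, 0, 0)
    return (tuple(nums), STAGE[m.group(2) or ""], int(m.group(3) or 0))

LOW, HIGH = parse_version("2.0-beta7"), parse_version("2.17.0")

def is_affected(version):
    """True if the version falls in the range stated in the post."""
    if version in EXCEPTIONS:
        return False
    return LOW <= parse_version(version) <= HIGH

def triage(paths):
    """Return (path, version, status) for every log4j-core jar in paths."""
    findings = []
    for path in paths:
        m = JAR_RE.search(path)
        if not m:
            continue  # not a log4j-core jar (log4j-api, tests jar, other libs)
        version = m.group(1)
        status = "update to 2.17.1 or newer" if is_affected(version) else "outside stated range"
        findings.append((path, version, status))
    return findings

# Constructed sample inventory, e.g. the result of a filesystem search for *.jar
SAMPLE = [
    "/opt/app/lib/log4j-core-2.14.1.jar",
    "/opt/app/lib/log4j-api-2.14.1.jar",
    "/srv/legacy/log4j-core-2.12.4.jar",
    "/srv/new/log4j-core-2.17.1.jar",
    "/srv/old/log4j-core-2.0-beta9.jar",
]

if __name__ == "__main__":
    for path, version, status in triage(SAMPLE):
        print(f"{version:12} {status:28} {path}")
```

Applications that bundle Log4j inside a shaded or fat jar will not show up by file name, so a clean result from a name-based check is a starting point for the inventory and not the end of it.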
The Log4j library is an open-source library built into Apache for logging. There are potentially millions of instances of this library throughout internet-connected devices, as it is very popular open-source software. The remote code execution vulnerability can be exploited by using a specific string that is formatted to appear like any other log message to the Log4j module. When that string is passed to the module and logged, it grants an attacker the ability to execute code remotely. Splunk provided a useful dashboard of information pertaining to this vulnerability: https://www.splunk.com/en_us/cyber-security/log4shell-log4j-response-overview.html
For a much more detailed description of this vulnerability, how it may be exploited, and methods already seen “in the wild,” Palo Alto Networks provided this in-depth article: https://unit42.paloaltonetworks.com/apache-log4j-vulnerability-cve-2021-44228/
Splunk also provided a means for attempting to detect this vulnerability, explained in depth in the following article: https://www.splunk.com/en_us/blog/security/log-jammin-log4j-2-rce.html
Lastly, Microsoft provided an article detailing the vulnerability and how it can be detected and remediated across Microsoft products at the following link: https://unit42.paloaltonetworks.com/apache-log4j-vulnerability-cve-2021-44228/
The Log4j vulnerability is likely to have far-reaching impact across industries for the foreseeable future. Stay tuned to the Sandalwood Blog for the latest information.