CISA, FBI and NSA Publish Joint Advisory and Scanner for Log4j Vulnerabilities
2021-12-28 19:34

Cybersecurity agencies from Australia, Canada, New Zealand, the U.S., and the U.K. on Wednesday released a joint advisory in response to widespread exploitation of multiple vulnerabilities in Apache's Log4j software library by nefarious adversaries.

"Sophisticated cyber threat actors are actively scanning networks to potentially exploit Log4Shell, CVE-2021-45046, and CVE-2021-45105 in vulnerable systems. These vulnerabilities are likely to be exploited over an extended period."

An attacker can exploit Log4Shell by submitting a specially crafted request to a vulnerable system that causes that system to execute arbitrary code.

Since the vulnerabilities became public knowledge this month, unpatched servers have come under siege from adversaries ranging from ransomware groups to nation-state hackers, who have used the attack vector as a conduit to gain access to networks and deploy Cobalt Strike beacons, cryptominers, and botnet malware.

The U.S. Federal Bureau of Investigation's assessment of the attacks has also raised the possibility that threat actors are incorporating the flaws into "existing cyber criminal schemes that are looking to adopt increasingly sophisticated obfuscation techniques." In light of the severity of the vulnerabilities and likely increased exploitation, organizations are being urged to identify, mitigate, and update affected assets as soon as possible.

To that end, the U.S. Cybersecurity and Infrastructure Security Agency has also released a scanner utility to identify systems affected by the Log4Shell vulnerability, mirroring a similar tool released by the CERT Coordination Center.


News URL

https://thehackernews.com/2021/12/cisa-fbi-and-nsa-publish-joint-advisory.html

Related Vulnerability

DATE | CVE | VULNERABILITY TITLE | RISK
2021-12-18 | CVE-2021-45105 | Uncontrolled Recursion vulnerability in multiple products | 5.9
    Description: Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups.
    Attack vector: network; complexity: high
    Vendors: apache, netapp, debian, sonicwall, oracle
    Weakness: CWE-674
2021-12-14 | CVE-2021-45046 | Expression Language Injection vulnerability in multiple products | critical, 9.0
    Description: It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations.
    Attack vector: network; complexity: high
    Vendors: apache, intel, cvat, siemens, debian, sonicwall, fedoraproject
    Weakness: CWE-917

Related vendor

VENDOR | LAST 12M | #/PRODUCTS | LOW | MEDIUM | HIGH | CRITICAL | TOTAL VULNS
NSA | | 2 | 0 | 12 | 0 | 2 | 14