December 14, 2021

Critical Remote Code Execution Vulnerability (CVE-2021-44228) in Apache Log4j

About the vulnerability

Classified by the US National Institute of Standards and Technology (NIST) and listed in the National Vulnerability Database (NVD) as a critical vulnerability with a base score of 10, the zero-day vulnerability CVE-2021-44228 has been discovered in the widely used Apache Log4j library. If exploited, it could permit a remote attacker to execute a malicious payload by submitting a specially crafted request to vulnerable systems. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. Since Log4j is incorporated into many popular frameworks, the impact is widespread.

The vulnerability impacts multiple versions of Log4j and the applications that depend on it.
Log4j versions 2.0 to 2.14.1 are vulnerable to this CVE. Users of Log4j should immediately update to version 2.15.0, available here.
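
To find out which deployed archives fall inside that version range, the following added example (not Nexusguard's or Apache's code) looks for log4j-core inside JAR/WAR/EAR files, including copies nested in other archives, and compares each version against 2.0 to 2.14.1. It assumes the Maven `pom.properties` entry that log4j-core jars carry is present, ignores pre-release labels when comparing, and uses constructed in-memory archives as sample input; `build_zip` and `demo` are hypothetical helper names.

```python
import io
import re
import zipfile

AFFECTED_MIN, AFFECTED_MAX = (2, 0, 0), (2, 14, 1)  # advisory: 2.0 through 2.14.1
# Maven metadata entry carried by log4j-core jars (assumed present; stripped builds lack it).
POM = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"

def parse_version(text):
    """'2.14.1' -> (2, 14, 1); '2.0-beta9' -> (2, 0, 0); None if unparsable."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", text.strip())
    return tuple(int(g or 0) for g in m.groups()) if m else None

def is_affected(version_text):
    v = parse_version(version_text)
    return v is not None and AFFECTED_MIN <= v <= AFFECTED_MAX

def scan_archive(data, label, depth=0, max_depth=4):
    """Return (location, version, affected) per log4j-core copy, recursing into nested archives."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return []
    findings = []
    with zf:
        for name in zf.namelist():
            if name == POM:
                m = re.search(r"^version=(.+)$", zf.read(name).decode("utf-8", "replace"), re.M)
                if m:
                    findings.append((label, m.group(1).strip(), is_affected(m.group(1))))
            elif name.lower().endswith((".jar", ".war", ".ear")) and depth < max_depth:
                findings += scan_archive(zf.read(name), f"{label}!/{name}", depth + 1, max_depth)
    return findings

def build_zip(entries):
    """Constructed sample input: build an in-memory archive from {name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()

def demo():
    old = build_zip({POM: b"artifactId=log4j-core\nversion=2.14.1\n"})
    new = build_zip({POM: b"artifactId=log4j-core\r\nversion=2.15.0\r\n"})
    app = build_zip({"WEB-INF/lib/log4j-core-2.14.1.jar": old, "WEB-INF/lib/renamed.jar": new})
    return scan_archive(app, "app.war")

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

Reading the version from metadata inside the archive, rather than from the file name, still identifies a renamed or bundled copy of the library.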


How it impacts Nexusguard’s product, platform and services


All our platforms enforce strict inspections and undergo rigorous security hardening, so as to ensure there is no risk of high-severity vulnerabilities. We adhere to stringent security compliance rules and apply the latest security updates to further bolster our platforms and infrastructures to safeguard the availability and service uptime of our customers’ networks.

More specifically, Nexusguard services neither depend on nor make use of any objects that are currently affected by this vulnerability.


For our customers


To give our customers immediate protection against exploitation of this vulnerability, we have delivered a custom Web Application Firewall (WAF) rule that our Application Protection (AP) customers can immediately apply to their service. When turned on and set to “block mode”, the Virtual Patch will stop malicious requests from reaching vulnerable servers in any form, ensuring our customers’ assets are safeguarded. This also allows the system administrator to upgrade the Log4j library to a vulnerability-free version at any time and eliminate the risk completely.


The threat is real. Take immediate steps now.


Due to the severity and widespread exposure of this vulnerability, anyone impacted and unable to update their Apache Log4j versions should seek assistance from a specialist immediately. Nexusguard’s Application Protection provides easy-to-implement and effective protection against all forms of network layer and application layer attacks including all potential zero-day attacks.

For further information, please read about Nexusguard’s Application Protection or reach out to us via our emergency contact form.

