Intrusion PreventionApache.Log4j.Error.Log.Remote.Code.Execution
Description
This indicates an attack attempt to exploit a Remote Code Execution Vulnerability in Apache Log4j.
The vulnerability is due to insufficient sanitizing of user supplied inputs in the application. A remote attacker may be able to exploit this to execute arbitrary code within the context of the application.
Outbreak Alert
A 0-day exploit was discovered on a popular Java library Log4j2 that can result to a Remote Code Execution (RCE). This is a widely deployed library, and while systems protected by Fortinet Security Fabric are secured by the protections below, all systems need to upgrade ASAP as this is 10.0 severity. Due to the high visibility and attention, subsequent vulnerabilities have since emerged.
View the full Outbreak Alert Report
Joint Cybersecurity Advisory (CSA) has released the top Common Vulnerabilities and Exposures (CVEs) used since 2020 by Peoples Republic of China (PRC) state-sponsored cyber actors as assessed by the National Security Agency (NSA), Cybersecurity and Infrastructure Security Agency (CISA), and Federal Bureau of Investigation (FBI). Previously, FortiGuard labs has already published various Outbreaks Alerts included in the released CISA's advisory such as: Apache Log4j, Hikvision Webserver Vulnerability, Atlassian Confluence OGNL RCE Vulnerability, Microsoft Exchange Server RCE Vulnerabilities etc. See the full list at: https://www.fortiguard.com/outbreak-alert Links to dedicated reports on each published outbreak by FortiGuard Labs are added to Additional Resources section below.
View the full Outbreak Alert Report
View the full Outbreak Alert Report
A new campaign conducted by the Lazarus Group is seen employing new DLang-based Remote Access Trojans (RATs) malware in the wild. The APT groups has been seen to target manufacturing, agricultural and physical security companies by exploiting the Log4j vulnerability and using it for initial access leading to a C2 (command and control) channel with the attacker.
Affected Products
Apache Log4j before version 2.16
Apache Log4j version 1.2
Impact
System Compromise: Remote attacker can gain control of vulnerable systems.
Recommended Actions
Apply the most recent upgrade or patch from the vendor
https://logging.apache.org/log4j/2.x/security.html
Coverage
| IPS (Regular DB) | |
| IPS (Extended DB) |
Version Updates
| Date | Version | Status | Detail |
|---|---|---|---|
| 2025-08-04 | 33.057 |
Modified
|
Sig Added |
| 2022-09-29 | 22.404 |
Modified
|
Sig Added |
| 2022-08-24 | 21.380 |
Modified
|
Sig Added |
| 2022-06-21 | 21.342 |
Modified
|
Sig Added |
| 2022-06-15 | 21.339 |
Modified
|
Sig Added |
| 2022-06-13 | 21.337 |
Modified
|
Sig Added |
| 2022-06-04 | 21.331 |
Modified
|
Sig Added |
| 2022-05-18 | 20.318 |
Modified
|
Sig Added |
| 2022-05-04 | 20.309 |
Modified
|
Sig Added |
| 2022-05-02 | 20.307 |
Modified
|
Sig Added |
| ID | 51006 |
| Created | Dec 10, 2021 |
| Updated | Aug 04, 2025 |
| CVE ID | |
| Tags | Log4j2 Vulnerability CISAtop20_PRC2022 2022 Annual Report Lazarus RAT Attack Threat Signal |
| Risk |
|
| Known Exploited | Yes |
| Exploit Prediction Score | 94.36% |
| Default Action | drop |
| Active | |
| Affected OS | All |
| Affected App | Apache |
| Profile Type | Permission/Privilege/Access Control |