Apache.Log4j.Error.Log.Remote.Code.Execution
Description
This indicates an attack attempt to exploit a Remote Code Execution vulnerability in Apache Log4j.
The vulnerability is due to insufficient sanitizing of user-supplied input in the application. A remote attacker may be able to exploit this to execute arbitrary code within the context of the application.
Outbreak Alert
A 0-day exploit was discovered in the popular Java library Log4j2 that can result in Remote Code Execution (RCE). Log4j2 is a widely deployed library, and while systems protected by the Fortinet Security Fabric are secured by the protections below, all systems need to upgrade as soon as possible, as this vulnerability carries a 10.0 severity rating. Due to the high visibility and attention, subsequent vulnerabilities have since emerged.
View the full Outbreak Alert Report
A Joint Cybersecurity Advisory (CSA) has released the top Common Vulnerabilities and Exposures (CVEs) used since 2020 by People's Republic of China (PRC) state-sponsored cyber actors, as assessed by the National Security Agency (NSA), the Cybersecurity and Infrastructure Security Agency (CISA), and the Federal Bureau of Investigation (FBI). FortiGuard Labs had previously published Outbreak Alerts for several of the vulnerabilities included in CISA's advisory, such as Apache Log4j, the Hikvision Webserver vulnerability, the Atlassian Confluence OGNL RCE vulnerability, and the Microsoft Exchange Server RCE vulnerabilities. See the full list at: https://www.fortiguard.com/outbreak-alert. Links to the dedicated FortiGuard Labs reports on each published outbreak are added in the Additional Resources section below.
View the full Outbreak Alert Report
In 2022, FortiGuard IPS and FortiGuard AV/Sandbox blocked three trillion and six trillion hits respectively from vulnerabilities, malware and 0-day attacks. Those encompassed several thousand varieties of Remote Code Execution, Cross-Site Scripting, Elevation of Privilege and Denial of Service vulnerabilities, Trojans and exploits. FortiGuard Labs alerted customers to numerous critical threats throughout the year based on factors such as proof-of-concept, attack vectors, impact, ease of attack, dependencies, and more. This annual report covers:
Affected Products
Apache Log4j before version 2.16
Apache Log4j version 1.2
Impact
System Compromise: A remote attacker can gain control of vulnerable systems.
Recommended Actions
Apply the most recent upgrade or patch from the vendor
https://logging.apache.org/log4j/2.x/security.html
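The affected range listed above (Log4j 2.x before 2.16) is only useful if it can be compared with what is actually deployed. The following added example, which is not part of this FortiGuard page or of Log4j itself, walks a directory tree for log4j-core jars, reads each jar's Maven pom.properties (an assumed but standard layout, with the file name as fallback), and flags versions below 2.16.0; it covers the 2.x line only, and the two sample jars it inspects are constructed in a temporary directory.

```python
import re
import tempfile
import zipfile
from pathlib import Path
from typing import List, Optional, Tuple

# "Apache Log4j before version 2.16" is the affected range this page lists.
MIN_FIXED = (2, 16, 0)
# Assumption: log4j-core jars carry Maven's pom.properties at this path.
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"

def parse_version(text: str) -> Tuple[int, int, int]:
    """'2.14.1' -> (2, 14, 1); a missing patch part is 0, qualifiers such as '-rc1' are ignored."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"unparsable version: {text!r}")
    major, minor, patch = m.groups()
    return int(major), int(minor), int(patch or 0)

def jar_version(jar: Path) -> Optional[str]:
    """Version from pom.properties inside the jar, else from the file name, else None."""
    with zipfile.ZipFile(jar) as zf:
        if POM_PROPS in zf.namelist():
            for line in zf.read(POM_PROPS).decode("utf-8", "replace").splitlines():
                if line.startswith("version="):
                    return line.split("=", 1)[1].strip()
    m = re.search(r"log4j-core-(\d[\w.\-]*)\.jar$", jar.name)
    return m.group(1) if m else None

def find_affected(root: Path) -> List[Tuple[Path, str]]:
    """Return (jar, version) for every log4j-core jar under root older than 2.16.0."""
    found = [(jar, jar_version(jar)) for jar in sorted(root.rglob("log4j-core-*.jar"))]
    return [(jar, ver) for jar, ver in found if ver and parse_version(ver) < MIN_FIXED]

def make_sample_jar(path: Path, version: str) -> None:
    """Constructed sample input: a minimal jar containing only pom.properties."""
    path.parent.mkdir(parents=True, exist_ok=True)
    with zipfile.ZipFile(path, "w") as zf:
        zf.writestr(POM_PROPS, f"artifactId=log4j-core\nversion={version}\n")

def demo() -> List[str]:
    """Plant one affected and one fixed sample jar, return the versions flagged."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        make_sample_jar(root / "app/lib/log4j-core-2.14.1.jar", "2.14.1")
        make_sample_jar(root / "app/lib/log4j-core-2.17.1.jar", "2.17.1")
        return [ver for _, ver in find_affected(root)]

if __name__ == "__main__":
    print(demo())  # ['2.14.1']
```

Point `find_affected` at a real application root instead of the constructed directory to list the jars that still need the vendor upgrade.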
Telemetry
Coverage
IPS (Regular DB)
IPS (Extended DB)
Version Updates
Date | Version | Detail |
---|---|---|
2022-09-29 | 22.404 | Sig Added |
2022-08-24 | 21.380 | Sig Added |
2022-06-21 | 21.342 | Sig Added |
2022-06-15 | 21.339 | Sig Added |
2022-06-13 | 21.337 | Sig Added |
2022-06-04 | 21.331 | Sig Added |
2022-05-18 | 20.318 | Sig Added |
2022-05-04 | 20.309 | Sig Added |
2022-05-02 | 20.307 | Sig Added |
2022-04-19 | 20.300 | Sig Added |