Intrusion PreventionApache.Log4j.Error.Log.Configuration.File.Remote.Code.Execution
Description
This indicates an attack attempt to exploit a Remote Code Execution Vulnerability in Apache Log4j.
The vulnerability is due to insecure loading of external configuration in the application. A remote attacker with permission to modify the logging configuration file may be able to exploit this to execute arbitrary code within the context of the application, via a crafted configuration file.
Outbreak Alert
A 0-day exploit was discovered on a popular Java library Log4j2 that can result to a Remote Code Execution (RCE). This is a widely deployed library, and while systems protected by Fortinet Security Fabric are secured by the protections below, all systems need to upgrade ASAP as this is 10.0 severity. Due to the high visibility and attention, subsequent vulnerabilities have since emerged
Affected Products
Apache Log4j before version 2.17.1
Impact
System Compromise: Remote attacker can gain control of vulnerable systems.
Recommended Actions
Apply the most recent upgrade or patch from the vendor
https://logging.apache.org/log4j/2.x/security.html
Telemetry
Coverage
| IPS (Regular DB) | |
| IPS (Extended DB) |
Version Updates
| Date | Version | Detail |
|---|---|---|
| 2022-01-25 | 19.247 | Sig Added |
| 2022-01-12 | 19.238 | Sig Added |
| 2022-01-05 | 19.234 | Default_action:pass:drop |
| 2021-12-29 | 19.231 |
| ID | 51060 |
| Created | Dec 29, 2021 |
| Updated | Jan 24, 2022 |
| Outbreak Alert | Log4j2 Vulnerability |
| Risk |
|
| CVE ID | CVE-2021-44832 |
| Exploit Prediction Score | 2.24% |
| Default Action | drop |
| Active | |
| Affected OS | All |
| Affected App | Apache |