Apache log4j2 log messages substitution (CVE-2021-44228)
Fortinet PSIRT Advisories
Fortinet PSIRT Contact:
Website: https://fortiguard.fortinet.com/faq/psirt-contact
Advisory ID: FG-IR-21-245
Status: Final
Version: 1
Revision 1 (2021-12-12T00:00:00): Current version
Initial release date: 2021-12-12T00:00:00
Current release date: 2021-12-12T00:00:00
Apache Log4j <=2.14.1 JNDI features used in configuration, log messages, and parameters do not protect against attacker-controlled LDAP and other JNDI-related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled (CVE-2021-44228).
Execute unauthorized code or commands
The following products are NOT impacted:
FortiOS (includes FortiGate & FortiWiFi)
FortiAnalyzer
FortiManager
FortiAP
FortiAuthenticator
FortiDeceptor
FortiMail
FortiVoice
FortiRecorder
FortiSwitch & FortiSwitchManager
FortiAnalyzer Cloud
FortiManager Cloud
FortiGate Cloud
FortiWeb Cloud
FortiGSLB Cloud
FortiToken Cloud
FortiPhish Cloud
FortiSwitch Cloud in FortiLANCloud
FortiEDR Agent
FortiNAC

The following products are impacted and fixes are being worked on. This advisory will be updated as soon as ETAs are available.
FortiAnalyzer-BigData
FortiSIEM
FortiCASB
FortiPortal
FortiNAC
FortiConverter
FortiAIOps
FortiPolicyShieldX
FortiSOAR
FortiEDR Cloud
Please upgrade to FortiPortal version 6.0.9 or above
Please upgrade to FortiSIEM version 6.0.5 or above
Please upgrade to FortiAIOps version 1.0.3 or above
Please upgrade to FortiAnalyzer-BigData version 7.2.3 or above
Please upgrade to FortiPolicy version 7.2.0 or above
Fixed from FortiLANCloud 22.1
Fixed from FortiConverter Service Portal 21.4
Fixed from FortiCASB 22.1

For full details of protections and detections for the IoCs related to this vulnerability, please see https://www.fortiguard.com/outbreak-alert/log4j2-vulnerability

IPS Signature protection (FortiOS)
Fortinet have released IPS signature Apache.Log4j.Error.Log.Remote.Code.Execution, with VID 51006, to address this threat. This signature was initially released in IPS package version 19.215. Please note that, since this is an emergency release, the default action for this signature is set to pass. Please modify the action according to your needs.

Web Application Firewall (FortiWeb & FortiWeb Cloud)
Web Application signatures to prevent this vulnerability were added in database 0.00301 and have been updated in the latest release, 0.00305, for additional coverage.
https://fortiguard.fortinet.com/psirt/FG-IR-21-245
https://logging.apache.org/log4j/2.x/security.html
FortiAnalyzer-BigData 7.0.2
FortiAnalyzer-BigData 7.0.1
FortiAnalyzer-BigData 6.4.7
FortiAnalyzer-BigData 6.4.6
FortiAnalyzer-BigData 6.4.5
FortiAnalyzer-BigData 6.2.5
FortiPortal 6.0.7
FortiPortal 6.0.6
FortiPortal 6.0.5
FortiPortal 6.0.4
FortiPortal 6.0.3
FortiPortal 6.0.2
FortiPortal 6.0.1
FortiPortal 6.0.0
FortiPortal 5.3.8
FortiPortal 5.3.7
FortiPortal 5.3.6
FortiPortal 5.3.5
FortiPortal 5.3.4
FortiPortal 5.3.3
FortiPortal 5.3.2
FortiPortal 5.3.1
FortiPortal 5.3.0
FortiPortal 5.2.6
FortiPortal 5.2.5
FortiPortal 5.2.4
FortiPortal 5.2.3
FortiPortal 5.2.2
FortiPortal 5.2.1
FortiPortal 5.2.0
FortiPortal 5.1.2
FortiPortal 5.1.1
FortiPortal 5.1.0
FortiPortal 5.0.3
FortiPortal 5.0.2
FortiPortal 5.0.1
FortiPortal 5.0.0
FortiSIEM 6.7.9
FortiSIEM 6.7.8
FortiSIEM 6.7.7
FortiSIEM 6.7.6
FortiSIEM 6.7.5
FortiSIEM 6.7.4
FortiSIEM 6.7.3
FortiSIEM 6.7.2
FortiSIEM 6.7.1
FortiSIEM 6.7.0
FortiSIEM 6.6.5
FortiSIEM 6.6.4
FortiSIEM 6.6.3
FortiSIEM 6.6.2
FortiSIEM 6.6.1
FortiSIEM 6.6.0
FortiSIEM 6.5.3
FortiSIEM 6.5.2
FortiSIEM 6.5.1
FortiSIEM 6.5.0
FortiSIEM 6.4.4
FortiSIEM 6.4.3
FortiSIEM 6.4.2
FortiSIEM 6.4.1
FortiSIEM 6.4.0
FortiSIEM 6.3.3
FortiSIEM 6.3.2
FortiSIEM 6.3.1
FortiSIEM 6.3.0
FortiSIEM 6.2.1
FortiSIEM 6.2.0
FortiSIEM 6.1.2
FortiSIEM 6.1.1
FortiSIEM 6.1.0
FortiSIEM 5.4.0
FortiSIEM 5.3.3
FortiSIEM 5.3.2
FortiSIEM 5.3.1
FortiSIEM 5.3.0
FortiSIEM 5.2.8
FortiSIEM 5.2.7
FortiSIEM 5.2.6
FortiSIEM 5.2.5
FortiSIEM 5.2.2
FortiSIEM 5.2.1
FortiSIEM 5.1.3
FortiSIEM 5.1.2
FortiSIEM 5.1.1
FortiSIEM 5.1.0
FortiSIEM 5.0.1
FortiSIEM 5.0.0
CVE-2021-44228
CVE-2021-44832
CVE-2021-45105
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H/RL:X/RC:X