Last week the Apache Foundation disclosed a dangerous vulnerability in the Log4j logging library, an open source Java-based software component that is present in many products and services that use the programming language. Log4j keeps a log of the activity that takes place while an application is running. Thus, for example, in the event of an error, all recorded events can be reviewed to help identify the failure.

The critical vulnerability Log4Shell (CVE-2021-44228) can be exploited to access networks and systems that use software that includes this ubiquitous logging library, in its versions from 2.0-beta9 to 2.14.1. If an attacker succeeds in getting Log4j to log a certain string of characters, they can use the vulnerability to access the system and perform actions such as installing malware, spying or deleting data, among others.

In the case of the popular video game Minecraft, it could be exploited by typing that string of characters into the game chat so that it was written to the log. Its potential for danger has been rated by Apache out of ten and, according to security experts such as Amit Yoran (Tenable), it is “the greatest and most critical vulnerability of the last decade”.

At the same time that it made the Log4Shell vulnerability (CVE-2021-44228) public, Apache released an update of its library (2.15.0) that corrects the problem, but the systems and applications that use the library must now update it to remain secure. Large companies began to secure their systems from the moment the vulnerability was made public. However, because software as ubiquitous as the Log4j library is often embedded in third-party applications, and it is those third parties that must perform the update, many services and products can remain unprotected despite the danger of Log4Shell.
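As an added example (not part of the original article), the following Python sketch checks jar file names from a software inventory against the affected range given above, 2.0-beta9 to 2.14.1. It assumes the library is present as a file named `log4j-core-<version>.jar`; the function names and sample paths are constructed for illustration.

```python
import re

# Affected range as stated in the article: 2.0-beta9 through 2.14.1 (fixed in 2.15.0).
FIRST_AFFECTED = "2.0-beta9"
LAST_AFFECTED = "2.14.1"

# Assumption: the jar keeps its standard name, log4j-core-<version>.jar.
JAR_RE = re.compile(r"log4j-core-(\d+(?:\.\d+)*(?:-(?:alpha|beta|rc)\d+)?)\.jar$", re.I)
# Pre-release tags sort before the final release with the same number.
PRE_RANK = {"alpha": 0, "beta": 1, "rc": 2, "final": 3}


def version_key(version):
    """Turn '2.0-beta9' or '2.14.1' into a tuple that sorts in release order."""
    m = re.fullmatch(r"(\d+(?:\.\d+)*)(?:-(alpha|beta|rc)(\d+))?", version.lower())
    if not m:
        raise ValueError(f"unrecognised version: {version!r}")
    nums = [int(p) for p in m.group(1).split(".")]
    nums += [0] * (3 - len(nums))  # pad so that 2.0 compares equal to 2.0.0
    return (tuple(nums), PRE_RANK[m.group(2) or "final"], int(m.group(3) or 0))


def is_affected(version):
    """True when the version lies inside the range stated in the article."""
    return version_key(FIRST_AFFECTED) <= version_key(version) <= version_key(LAST_AFFECTED)


def classify(path):
    """Return (version, affected) for a log4j-core jar path, or None for other files."""
    m = JAR_RE.search(path)
    if not m:
        return None
    return m.group(1), is_affected(m.group(1))


# Constructed sample inventory (not taken from any real system).
SAMPLE_PATHS = [
    "/opt/app/lib/log4j-core-2.14.1.jar",
    "/opt/app/lib/log4j-core-2.15.0.jar",
    "/srv/legacy/WEB-INF/lib/log4j-core-2.0-beta9.jar",
    "/srv/legacy/WEB-INF/lib/log4j-core-2.0-beta8.jar",
    "/opt/tool/lib/log4j-api-2.14.1.jar",
]

if __name__ == "__main__":
    for p in SAMPLE_PATHS:
        result = classify(p)
        if result:
            print(f"{p}: {result[0]} -> {'AFFECTED' if result[1] else 'outside stated range'}")
```

A file-name check does not find copies of the library that have been renamed or bundled inside another application's archive, which is why the vendor lists discussed below still matter.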

The security firm ESET, for example, has warned of activity by cybercriminals who scan the internet for vulnerable systems in order to access them. The company has indicated on Twitter that hundreds of thousands of attempts to exploit the vulnerability are being blocked around the world, mainly in the United States, the United Kingdom, Turkey, Germany and the Netherlands.

What are the products affected by Log4Shell?

The National Institute of Cybersecurity, INCIBE, has published a provisional list of products potentially affected by this vulnerability. From its website, it also links to the contributions of the researcher SwitHak and those of the Dutch Center for National Security (NCSC-NL).

INCIBE's list focuses on products and services from companies such as CISCO, VMware, RedHat, Apache Solr, Apache Struts, Solarwinds, Debian and Citrix, among others, linking to their respective websites with the list of affected products and the measures taken.

The list provided by the researcher SwitHak is much more extensive, with names like BitDefender, Cpanel, Dell, F-Secure, Google Cloud, Siemens, TP-Link and Oracle among many other companies. This list includes not only companies with vulnerable software but also those that have spoken out on the subject, either to indicate that they are not in danger or to advise clients of their services on how to deal with this problem in third-party software.

But the most complete list is that of the NCSC-NL, which also gives data such as the product version and whether it is vulnerable, is not vulnerable, or was vulnerable but has already received the Log4j update that fixes the vulnerability.
