Threat Advisory: Log4shell CVE-2021-44228 Vulnerability Leaves Users Open to Remote Code Execution
Consolidated Technologies, Inc. and our security staff are aware of the recently disclosed security issue in the open-source Apache "Log4j2" logging utility (CVE-2021-44228). We are actively monitoring this issue and are working on addressing it for all CTI customers that use Log4j2.
A critical remote code execution vulnerability has emerged in Log4j, a Java logging package used in a number of software products and platforms from organizations such as Apache, Apple, Twitter, Tesla and Steam. This vulnerability impacts almost every Java application that writes logs using this library. Apache has released a patch for this vulnerability, which is being tracked as CVE-2021-44228.
Technical detail and additional information
WHAT IS THE THREAT?
This is a remote code execution vulnerability. If exploited, an attacker could use it to execute commands remotely, allowing them to run anything they want on a vulnerable device. This could lead to data leakage, denial of service, or even complete system compromise. Because a proof of concept is publicly available for this vulnerability, security professionals expect a heightened number of attacks and attempts to exploit vulnerable users.
WHY IS IT NOTEWORTHY?
As stated earlier, this vulnerability affects any application that uses Log4j for logging. This includes software from Apache, Apple, Twitter, Tesla, Steam, ElasticSearch and Redis, as well as many video games (such as Minecraft). This gives cyber criminals an incredibly wide scope of potential targets. The ramifications of this exploit are so large that it is being compared to the "Shellshock" vulnerability. Attackers are always looking out for these types of widely exploitable vulnerabilities, and this RCE exploit is one of the biggest to surface recently. It is very important to keep services updated and to apply patches as they are released to prevent threat actors from accessing and damaging your systems.
WHAT IS THE EXPOSURE OR RISK?
This exploit could allow attackers to execute remote code on an impacted device. Remote code execution could lead to several possible compromises, such as data leakage, denial of service attacks, and even complete system compromise. Because the vulnerable library is used in so many different applications, attackers are not necessarily looking for a particular target. It only takes one line of text to trigger this attack, so attackers are spraying it everywhere they can and hoping to find vulnerable applications. If a machine is compromised, attackers could gain access to sensitive information by executing arbitrary system commands, and could even create or delete files. Log4j is used for logging in many different applications, many of which are used and trusted by businesses and individuals worldwide. The expectation is that any data stored in these applications remains private and that these applications remain available to conduct everyday business. This vulnerability puts both expectations at risk if exploited, so it is very important to ensure that all patches are applied.