You are currently viewing Log4j – Critical RCE Vulnerability – Impact and Resolution?
Log4j Critical RCE Vulnerability Impact and Resolution

Log4j – Critical RCE Vulnerability – Impact and Resolution?

What is Log4j and its impact in IT Industries

Log4j is a phrase that has been causing quite a stir in the IT industry in recent days, thanks to its 0-day release earlier this month. A zero-day vulnerability is a fault or weakness in a software package that was just identified by the vendor. It’s something that’s been there for a long time but has only now been discovered. The software weakness was discovered, publicized (and patched) on December 10th, 2021, which implies that any system with this vulnerability/flaw will be vulnerable to hackers until it is patched.

The buzz is due to the fact that Log4j is utilized by millions of devices, all of which are vulnerable to hackers. This bug affects all versions of Log4j, indicating that it has been around for “a long time.” This also means that hacker organizations may be exploiting this issue in stealth for years and we would be completely unaware of it. The vulnerability was addressed, but whether or not the patch was implemented to all of the susceptible systems is another issue. “CVE-2021-44228” is the name of the vulnerability/flaw in Log4j.

CVE-2021-44228 – In Detail

  • The reports of a major vulnerability in the popular Java package “Log4j”. At the time of these disclosures, the vulnerability had reportedly been exploited “in the wild” by threat actors, and there was no patch available to correct it (0-day exploit).
  • The Apache Foundation developed and maintains Log4j, a prominent Java library. As a logging framework for Java, the library is extensively adopted and utilized in many commercial and open-source software products.
  • The flaw (CVE-2021-44228 1) is severe because it can be exploited remotely by an unauthenticated attacker to run arbitrary code (remote code execution – RCE). The vulnerability’s criticality is rated a ten (out of ten) on the common vulnerability scoring system (CVSS), which indicates how serious the vulnerability is.
  • The issue stems from the log4j processor’s handling of log messages. If an attacker delivers a particularly constructed message, it may cause the loading of an external code class or message lookup, as well as the execution of that code, resulting in Remote Code Execution (RCE).

How Could a Vulnerability in Log4j Affect You?

If you haven’t heard of Apache Log4j before, it’s probably now on your radar. It’s possible that you’ve been using it for a long time. Log4j is a logging framework for Java. Consider keeping a notepad of your daily activities. Log4j is the name of the notebook. It’s used by developers and programmers to keep track of what’s going on with applications and servers.

  • For both server and client applications, Log4j is utilized by a high percentage of Java programmes built in the recent decade. Java is also one of the most widely used programming languages in the commercial world.
  • Java is also one of the most widely used programming languages in the commercial world. That’s why cybersecurity experts were alarmed on December 9, 2021, when Chen Zhaojun of the Alibaba Cloud Security Team found CVE-2021-44228, also known as Log4Shell, a high-severity vulnerability that impacts Log4j’s core function and a publicly available attack.
  • CVE-2021-44228 allows attackers to execute code remotely, which means they can access all data on the compromised machine and run any code they choose. They can also erase or encrypt files and demand a ransom for them. With the exploit, attackers can do any function that the impacted asset can. This means that everything that logs user-controlled data using a vulnerable version of Log4j is vulnerable to attack.

How Can You Keep Your Company Safe?

Patching is still the most important activity to conduct today, despite its difficulty. After a bypass was discovered, Apache published version 2.15.0-rc1, which was immediately followed by 2.15.0-rc2.

  • For individuals who are unable to patch, Apache has provided the following mitigations (source: https://logging.apache.org/log4j/2.x/security.html):
  • Setting the system property log4j2.formatMsgNoLookups or the environment variable LOG4J FORMAT MSG NO LOOKUPS to true in releases >=2.10 will minimize this behaviour. The mitigation is to remove the JndiLookup class from the classpath for releases 2.0-beta9 to 2.10.0: zip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class
  • Designing an environment with strong network security rules can aid with prevention. Servers, for example, can only generate network connections to explicitly allowed destinations in well-designed systems. Creating a default-deny firewall rule will stop servers from making unauthorized connections, lowering your risk of a security breach. This is especially critical for servers that are connected to the internet.

Web Application Audit & Secure Code Review

The Log4j flaw is complicated, and its full ramifications are still being investigated. Because reliable detection techniques will differ from instance to instance of the vulnerability, organizations should rely on a broad range of detection methods and technologies to discover susceptible apps or verify remediation. In addition, for extremely sensitive applications, teams should use human inspection methods.

It is quite important to conduct proactive Web Application Audit to examine web pages, applications and web servers to find security weaknesses and vulnerabilities and have corrective action. Besides, Secure Code Reviews of the developed environment with tool based and Human analysis may reveal weak links in line with security & coding standards as per industry best practices & compliance requirements.

If you need any assistance, our team will be just a call away. May connect us at info@primeinfoserv.com to book your slot. We will be happy to help as a CERT-In empaneled Auditor to safeguard your digital landscape.