Description: Log4j is a Java based logging audit framework within Apache. Apache Log4j <=2.14.1 JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. The vulnerability impacts default configurations of a number of Apache frameworks, including Apache Struts2, Apache Solr, Apache Druid, and Apache Flink, which are utilized by numerous organizations from Apple, Amazon, Cloudflare, Twitter, Steam, and others.
The vulnerability is triggered by sending a specific string to the log4j software which means it is simple to exploit and the broad utilization of this software means there are multiple attack vectors. There are examples where connecting to an SSID containing the exploit string, sends a log to the OS vendor server and triggers the vulnerability in their network. For this reason, we expect to see some of these issues crop up for some time.
CVSS: 10 - Critical
CVE: CVE-2021-44228
Barracuda Networks: Neither the Barracuda CloudGen Firewall nor the Barracuda CloudGen WAN product lines are affected.
IPS Signature Protection:
The following IPS signatures were released on December 13, 2021 to protect against CVE-2021-44228
- Signature ID 1230268 - WEB Apache log4j Remote Code Execution - 1.u (CVE-2021-44228)
- Signature ID 1230269 - WEB Apache log4j Remote Code Execution - 1.h (CVE-2021-44228)
- Signature ID 1230274 - WEB Apache log4j Remote Code Execution - 2.u (CVE-2021-44228)
- Signature ID 1230275 - WEB Apache log4j Remote Code Execution - 1.h (CVE-2021-44228)
Update: CVE-2021-45046
The Apache Software Foundation (ASF) has pushed out a new fix for the Log4j logging utility after the previous patch for the recently disclosed Log4Shell exploit was deemed as "incomplete in certain non-default configurations."
The second vulnerability — tracked as CVE-2021-45046 — is rated 3.7 out of a maximum of 10 on the CVSS rating system and affects all versions of Log4j from 2.0-beta9 through 2.12.1 and 2.13.0 through 2.15.0, which the project maintainers shipped last week to address a critical remote code execution vulnerability (CVE-2021-44228) that could be abused to infiltrate and take over systems.
Barracuda Networks: Neither the Barracuda CloudGen Firewall nor the Barracuda CloudGen WAN product lines are affected by CVE-2021-45046.
IPS Signature Protection:
The following IPS signature was released on December 17, 2021 to protect against CVE-2021-45046
- 1230318 WEB Apache log4j Denial of Service (CVE-2021-45046)