CVE-2021-44228 Log4Shell

Overview

A zero-day vulnerability involving remote code execution in Log4j 2, given the descriptor "Log4Shell" (CVE-2021-44228), was found and reported to Apache by Alibaba on November 24, 2021, and published in a tweet on December 9, 2021.

Impact

NG Firewall uses log4j version 1.2.16, which is not affected by this vulnerability.

Micro Edge does not use log4j and is unaffected.

The cloud environment used to facilitate ETM Dashboard functionality does use log4j, and Edge Threat Management staff update this component on a regular basis. Log4j was updated to the latest version shortly after the vulnerability and the associated update became public.

Protecting Your Network

Intrusion Prevention in NG Firewall has default signatures for log4j-based attacks. You can create a rule in Intrusion Prevention > Rules to block all attacks identified as log4j-based:

  1. Add a new rule
  2. Add the condition "Message Contains log4j"
  3. Change the Action setting to "Enable Block"
