Vulnerability CVE-2021-44228

Vulnerability CVE-2021-44228

Published: 2021-12-10

Description:

Apache Log4j2 2.0-beta9 through 2.12.1 and 2.13.0 through 2.15.0 JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0, this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.

See advisories in our WLB2 database:

	Topic	Author	Date
High	Log4j2 Remote Code Execution PoC	唐小风	10.12.2021
High	Apache Log4j 2 Remote Code Execution (Py)	kozmer, z9fr, sv...	14.12.2021
High	Apache Log4j2 2.14.1 Information Disclosure	leonjza	16.12.2021
High	Log4Shell HTTP Header Injection	sinn3r	12.01.2022
High	MobileIron Log4Shell Remote Command Execution	Spencer McIntyre	03.08.2022
Med.	Intel Data Center Manager 5.1 Local Privilege Escalation	Julien Ahrens	11.12.2022

Type:

CWE-502

(Deserialization of Untrusted Data)

CVSS2 => (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVSS Base Score	Impact Subscore	Exploitability Subscore
9.3/10	10/10	8.6/10

Exploit range	Attack complexity	Authentication
Remote	Medium	No required
Confidentiality impact	Integrity impact	Availability impact
Complete	Complete	Complete

Affected software
Sonicwall -> Email security
Siemens -> Mindsphere
Siemens -> Spectrum power 7
Siemens -> Navigator
Siemens -> Teamcenter
Siemens -> Captial
Siemens -> NX
Siemens -> Vesys
Siemens -> Comos
Siemens -> Opcenter intelligence
Siemens -> Xpedition enterprise
Siemens -> Desigo cc advanced reports
Siemens -> Operation scheduler
Siemens -> Xpedition package integrator
Siemens -> Desigo cc info center
Siemens -> Sentron powermanager
Siemens -> E-car operation center
Siemens -> Siguard dsa
Siemens -> Energy engage
Siemens -> Sipass integrated
Siemens -> Energyip
Siemens -> Siveillance command
Siemens -> Energyip prepay
Siemens -> Siveillance control pro
Siemens -> Gma-manager
Siemens -> Siveillance identity
Siemens -> Head-end system universal device integration system
Siemens -> Siveillance vantage
Siemens -> Industrial edge management
Siemens -> Siveillance viewpoint
Siemens -> Industrial edge management hub
Siemens -> Solid edge cam pro
Siemens -> Logo\! soft comfort
Siemens -> Solid edge harness design
Siemens -> Mendix
Siemens -> Spectrum power 4
Netapp -> Active iq unified manager
Netapp -> Cloud insights
Netapp -> Cloud manager
Netapp -> Cloud secure agent
Netapp -> Oncommand insight
Netapp -> Ontap tools
Netapp -> Snapcenter
Intel -> Audio development kit
Intel -> Computer vision annotation tool
Intel -> Data center manager
Intel -> Genomics kernel library
Intel -> Oneapi sample browser
Intel -> Secure device onboard
Intel -> Sensor solution firmware development kit
Intel -> System debugger
Intel -> System studio
Fedoraproject -> Fedora
Debian -> Debian linux
Cisco -> Cloudcenter workload manager
Cisco -> Enterprise chat and email
Cisco -> Sd-wan vmanage
Cisco -> Workload optimization manager
Cisco -> Common services platform collector
Cisco -> Evolved programmable network manager
Cisco -> Smart phy
Cisco -> Unified intelligence center
Cisco -> Connected mobile experiences
Cisco -> Finesse
Cisco -> Ucs central
Cisco -> Unified sip proxy
Cisco -> Contact center domain manager
Cisco -> Fog director
Cisco -> Ucs director
Cisco -> Unified workforce optimization
Cisco -> Contact center management portal
Cisco -> Identity services engine
Cisco -> Unified communications manager
Cisco -> Crosswork data gateway
Cisco -> Integrated management controller supervisor
Cisco -> Unified communications manager im and presence service
Cisco -> Crosswork network controller
Cisco -> Intersight virtual appliance
Cisco -> Unified contact center enterprise
Cisco -> Crosswork optimization engine
Cisco -> Iot operations dashboard
Cisco -> Unified contact center express
Cisco -> Advanced malware protection virtual private cloud appliance
Cisco -> Crosswork platform infrastructure
Cisco -> Network assurance engine
Cisco -> Unified customer voice portal
Cisco -> Automated subsea tuning
Cisco -> Crosswork zero touch provisioning
Cisco -> Network services orchestrator
Cisco -> Unity connection
Cisco -> Broadworks
Cisco -> Customer experience cloud agent
Cisco -> Nexus dashboard
Cisco -> Video surveillance operations manager
Cisco -> Business process automation
Cisco -> Cyber vision sensor management extension
Cisco -> Nexus insights
Cisco -> Virtual topology system
Cisco -> Cloud connect
Cisco -> Data center network manager

References:

https://logging.apache.org/log4j/2.x/security.html

http://www.openwall.com/lists/oss-security/2021/12/10/1

http://www.openwall.com/lists/oss-security/2021/12/10/2

http://packetstormsecurity.com/files/165225/Apache-Log4j2-2.14.1-Remote-Code-Execution.html

https://security.netapp.com/advisory/ntap-20211210-0007/

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd

http://www.openwall.com/lists/oss-security/2021/12/10/3

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032

https://www.oracle.com/security-alerts/alert-cve-2021-44228.html

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VU57UJDCFIASIO35GC55JMKSRXJMCDFM/

http://www.openwall.com/lists/oss-security/2021/12/13/1

http://www.openwall.com/lists/oss-security/2021/12/13/2

https://twitter.com/kurtseifried/status/1469345530182455296

https://lists.debian.org/debian-lts-announce/2021/12/msg00007.html

https://www.debian.org/security/2021/dsa-5020

https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf

http://packetstormsecurity.com/files/165270/Apache-Log4j2-2.14.1-Remote-Code-Execution.html

http://packetstormsecurity.com/files/165260/VMware-Security-Advisory-2021-0028.html

http://packetstormsecurity.com/files/165261/Apache-Log4j2-2.14.1-Information-Disclosure.html

http://www.openwall.com/lists/oss-security/2021/12/14/4

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html

https://www.kb.cert.org/vuls/id/930724

http://packetstormsecurity.com/files/165282/Log4j-Payload-Generator.html

http://packetstormsecurity.com/files/165281/Log4j2-Log4Shell-Regexes.html

http://packetstormsecurity.com/files/165306/L4sh-Log4j-Remote-Code-Execution.html

http://packetstormsecurity.com/files/165307/Log4j-Remote-Code-Execution-Word-Bypassing.html

http://packetstormsecurity.com/files/165311/log4j-scan-Extensive-Scanner.html

http://www.openwall.com/lists/oss-security/2021/12/15/3

https://cert-portal.siemens.com/productcert/pdf/ssa-714170.pdf

https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/

Vulnerability CVE-2021-44228

See advisories in our WLB2 database:

High

Log4j2 Remote Code Execution PoC

High

Apache Log4j 2 Remote Code Execution (Py)

High

Apache Log4j2 2.14.1 Information Disclosure

High

Log4Shell HTTP Header Injection

High

MobileIron Log4Shell Remote Command Execution

Med.

Intel Data Center Manager 5.1 Local Privilege Escalation

CWE-502

CVSS2 => (AV:N/AC:M/Au:N/C:C/I:C/A:C)

9.3/10

10/10

8.6/10

Remote

Medium

No required

Complete

Complete

Complete

Affected software

References: