Scope of covered assets: Due to the limited availability of initial information, identification and mitigation efforts may have been scoped to a limited number of an organization’s assets.(Updated April 8, 2022) Organizations should continue identifying and remediating vulnerable Log4j instances within their environments and plan for long term vulnerability management. An unauthenticated remote actor could exploit this vulnerability to take control of an affected system. Note: CISA will continue to update this webpage as well as our community-sourced GitHub repository as we have further guidance to impart and additional vendor information to provide.ĬISA and its partners, through the Joint Cyber Defense Collaborative, are responding to active, widespread exploitation of a critical remote code execution (RCE) vulnerability ( CVE-2021-44228) in Apache’s Log4j software library, versions 2.0-beta9 to 2.14.1, known as "Log4Shell." Log4j is very broadly used in a variety of consumer and enterprise services, websites, and applications-as well as in operational technology products-to log security and performance information. Monitor for odd traffic patterns (e.g., JNDI LDAP/RMI outbound traffic, DMZ systems initiating outbound connections).Assume compromise, identify common post-exploit sources and activity, and hunt for signs of malicious activity. Discover all assets that use the Log4j library.
Discover all internet-facing assets that allow data inputs and use Log4j Java library anywhere in the stack.Immediate Actions to Protect Against Log4j Exploitation
0 kommentar(er)
