IronEdge Group continues to actively work with our partners and monitor this vulnerability. As of this morning, there have been over 60 reported variants of the exploit. The Log4j vulnerability impacts 100,000,000+ devices from corporate applications to devices used in your home.
The Cybersecurity and Infrastructure Security Agency (CISA) has launched a website providing information to keep the public updated on this threat and provide guidance.
All organizations need to communicate with their third-party vendors to understand their exposure to this threat and the actions they have taken to protect themselves and their customers from being impacted.
What is the issue?
Web applications that use the Log4j logging library are vulnerable to an attack in which a bad actor can execute malicious code by submitting a specially crafted request to the vulnerable system. The attacker can execute arbitrary code loaded from LDAP servers, which allows them to gain access to the environment through the deployment of other malicious tools, or to cause a denial of service. Log4j is incorporated into many popular frameworks, making the impact widespread and hard to completely identify.
The vulnerability impacts multiple versions of Log4j and the applications that depend on it. Log4j versions 2.0 to 2.14.1 are vulnerable to this CVE.
How IronEdge Group has responded to help protect our clients:
- Immediately and continually work with our vendors to identify and evaluate the threat landscape of this vulnerability
- Executed remediation steps on potentially exposed applications based on vendor recommendations
- Added additional mitigations to our tools to prevent exploitation
- Expedited the deployment of the SentinelOne EDR tool
- Continue to run external vulnerability scans on clients to identify potentially vulnerable IPs