
Apache Log4j2 Vulnerability

Released: Dec 10, 2021
Updated: Jun 27, 2022
Severity: Critical
Vendor: Apache
Attack Type: Vulnerability

RCE and DoS in Apache Java logging library

A 0-day exploit was discovered in the popular Java library Log4j2 that can result in Remote Code Execution (RCE). The library is very widely deployed, and while systems protected by the Fortinet Security Fabric are covered by the protections listed below, all affected systems need to be upgraded as soon as possible, since this vulnerability carries a 10.0 severity rating. Due to the high visibility and attention, subsequent vulnerabilities have since emerged.

Background

Log4j2 is a Java-based logging utility maintained by the Apache Software Foundation. For more background, read the Fortinet blog post:
https://www.fortinet.com/blog/threat-research/critical-apache-log4j-log4shell-vulnerability-what-you-need-to-know

For Fortinet products impacted by this vulnerability, refer to:
https://www.fortiguard.com/psirt/FG-IR-21-245

For technical information on each of the individual vulnerabilities, refer to the FortiGuard Threat Signals at:
https://www.fortiguard.com/threat-signal-report/4335
https://www.fortiguard.com/threat-signal-report/4339
https://www.fortiguard.com/threat-signal-report/4345
https://www.fortiguard.com/threat-signal-report/4360

Latest Development



Dec 9, 2021: A 0-day was posted on Twitter, with a PoC published on GitHub. On Dec 10, several security-related websites picked up the vulnerability and published articles on it.


Jun 27, 2022: Over six months later, stories of Log4j2 exploits continue to be published on a near-daily basis, and FortiGuard Labs continues to see active exploitation attempts. On a single day (Jun 14, 2022), FortiGuard IPS blocked over 50,000 exploit attempts.

FortiGuard Cybersecurity Framework



PROTECT
  • Lure
  • Decoy VM
  • Vulnerability
  • IPS
  • Web App Security

DETECT
  • Threat Hunting
  • IOC
  • Outbreak Detection

RESPOND
  • Automated Response
  • Assisted Response Services

RECOVER
  • NOC/SOC Training
  • End-User Training

IDENTIFY
  • Attack Surface Hardening
  • Business Reputation
  • Vulnerability Management

Threat Intelligence




Indicators of Compromise: IOC Indicator List

Indicator | Type | Status
anti-viral.us domain Active
buynvf96.info domain Active
chokeabitch.us domain Active
185.140.53.194 ip Active
94.103.80.16 ip Active
http://dogecoin.deaftone.com:8080/mainls.cs url Active
http://dqwowqjudhqwdhasdadadw.com/NOE/itpidd.class url Active
dqwowqjudhqwdhasdadadw.com domain Active
0-0-0-0-0-0-0-0-0-0-0-0-0-10-0-0-0-0-0-0-0-0-0-... domain Active
0-0-0-0-0-0-0-0-0-0-0-0-0-5-0-0-0-0-0-0-0-0-0-0... domain Active
162.243.211.204 ip Active
51.254.221.129 ip Active
http://162.243.211.204/nsshpftp url Active
http://51.254.221.129/c/bash url Active
http://51.254.221.129/c/cron url Active
http://51.254.221.129/c/nsshcron url Active
http://51.254.221.129/c/nsshpftp url Active
http://51.254.221.129/c/nsshtfti url Active
http://51.254.221.129/c/ntpd url Active
http://51.254.221.129/c/pftp url Active
http://51.254.221.129/c/sshd url Active
http://51.254.221.129/c/tfti url Active
128.199.251.119 ip Active
182.253.210.130 ip Active
91.210.104.247 ip Active
209.182.122.217 ip Active
62.102.148.158 ip Active
109.190.253.11 ip Active
111.73.46.184 ip Active
155.254.33.183 ip Active
5.188.62.245 ip Active
176.10.99.200 ip Active
213.61.215.54 ip Active
185.82.218.60 ip Active
174.105.233.82 ip Active
182.56.134.44 ip Active
68.14.210.246 ip Active
96.37.137.42 ip Active
216.201.162.158 ip Active
24.164.79.147 ip Active
3c2fe308c0a563e06263bbacf793bbe9b2259d795fcc36b... file Active
190.154.203.218 ip Active
36.89.85.103 ip Active
108.188.116.179 ip Active
194.5.250.118 ip Active
91.235.129.60 ip Active
200.35.56.81 ip Active
177.103.240.149 ip Active
187.58.56.26 ip Active
189.80.134.122 ip Active
198.46.177.119 ip Active
170.238.117.187 ip Active
193.161.193.99 ip Active
http://fkd.derpcity.ru/f/udevd url Active
http://5.19.4.15/f/udevd url Active
195.93.223.100 ip Active
170.233.120.53 ip Active
181.49.61.237 ip Active
186.42.98.254 ip Active
200.21.51.38 ip Active
51.254.69.244 ip Active
194.36.189.168 ip Active
81.190.160.139 ip Active
178.183.150.169 ip Active
31.128.13.45 ip Active
31.214.138.207 ip Active
181.112.52.26 ip Active
186.71.150.23 ip Active
194.36.189.165 ip Active
45.235.213.126 ip Active
46.174.235.36 ip Active
89.228.243.148 ip Active
144.91.79.9 ip Active
146.185.219.29 ip Active
172.245.97.148 ip Active
185.222.202.192 ip Active
185.222.202.76 ip Active
185.62.188.117 ip Active
185.68.93.43 ip Active
195.123.238.191 ip Active
195.133.196.151 ip Active
101.108.92.111 ip Active
144.91.79.12 ip Active
181.10.207.234 ip Active
201.210.120.239 ip Active
201.187.105.123 ip Active
79.134.225.70 ip Active
95.215.207.58 ip Active
170.84.78.224 ip Active
181.112.157.42 ip Active
181.113.28.146 ip Active
181.129.104.139 ip Active
181.129.134.18 ip Active
181.129.167.82 ip Active
181.196.207.202 ip Active
176.121.14.113 ip Active
79.134.225.104 ip Active
31.220.40.22 ip Active
79.134.225.89 ip Active
185.244.30.92 ip Active
Indicators of Compromise: IOC Threat Activity (last 30 days)
[Chart not reproduced; values shown on the page: Chg (no value), Avg 0]