The Log4j vulnerability has recently made headlines around the world. Concerns around this vulnerability center on the fact that an attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. This means that internet-exposed devices running Apache Log4j versions 2.0 to 2.14.1 are vulnerable; the NCSC notes that the issue concerns Log4j version 2 (Log4j2).
Update from Barracuda
Security is a top priority for Barracuda Networks and Barracuda MSP. Our analysis confirms that none of our products are using vulnerable Log4j versions associated with CVE-2021-44228 at this time. Additionally, external scans against our products and production hosts have not identified actual exposure within our environment. Please visit the Barracuda Trust Center to stay up to date as we will continue to share further updates.
Our product and security teams are currently conducting holistic reviews of our infrastructure, tools, and third-party services to identify and remediate any potential vulnerabilities.
Steps we have taken to further protect our customers
Barracuda RMM: We introduced a new script that allows partners using Barracuda RMM to scan for Log4j CVE-2021-44228 vulnerability in their customers’ environments. The script identifies potentially vulnerable and vulnerable devices and shares the details through Barracuda RMM.
Barracuda WAF-as-a-Service: We are rolling out new signatures to detect Log4j exploit attempts and block them. These signatures have been updated to handle the latest evasions seen in the field as of 13/Dec/2021. These signatures and settings will block both GET and POST requests that are attempting this exploit.
While these signatures detect variations that have been seen so far, we continue to update them as newer variants pop up. As a best practice, we recommend patching your Log4j installations to the latest versions that have this issue fixed.
Barracuda Web Application Firewall & Barracuda CloudGen WAF: The latest signatures for this vulnerability are being rolled out to units in the field. These signatures and settings will block both GET and POST requests that are attempting this exploit. While these signatures detect variations that have been seen so far, we continue to update them as newer variants pop up. As a best practice, we recommend patching your Log4j installations to the latest versions that have this issue fixed.
To learn more about the new signatures and settings required for this mitigation, please review this document in Barracuda Campus.
Barracuda SKOUT Managed XDR: Custom rules were implemented to detect and update this exploit in SKOUT Managed XDR Log and Network Security Monitoring solutions. We recommend that you apply this patch immediately to other third-party software. Please refer to the full list of impacted versions of the Log4j library below.
All Log4j 2.x versions before 2.15.0 (released on Friday, December 10, 2021) are affected.
The following JVM versions are also affected:
- Java 6 – 6u212
- Java 7 – 7u202
- Java 8 – 8u192
- Java 11 – 11.0.2
We strongly encourage our partners who manage environments containing Log4j to update to the latest version, available at https://logging.apache.org/log4j/2.x/download.html.
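To find the Log4j copies that fall in the affected range stated above, a file-system inventory is a practical first step. The following Python sketch is an added example, not Barracuda's RMM script: it assumes Log4j ships as a `log4j-core-<version>` archive, uses the "before 2.15.0" threshold from this page, and reports archives that bundle the JNDI lookup class under another name as "potentially vulnerable".

```python
import re
import sys
import zipfile
from pathlib import Path

# Affected range as stated on this page: all 2.x versions before 2.15.0.
FIXED = (2, 15, 0)
CORE_JAR = re.compile(r"log4j-core-(\d+)\.(\d+)(?:\.(\d+))?")
# Class that performs the JNDI lookup inside log4j-core; its presence in an
# archive with no recognisable version means Log4j was bundled or repackaged.
JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"


def classify_version(name):
    """Verdict from a log4j-core file name, or None if the name has no version."""
    m = CORE_JAR.search(name)
    if not m:
        return None
    version = tuple(int(part or 0) for part in m.groups())
    return "vulnerable" if version[0] == 2 and version < FIXED else "not affected"


def classify_archive(path):
    """Classify one .jar/.war/.ear, looking one level into bundled libraries."""
    verdict = classify_version(Path(path).name)
    if verdict:
        return verdict
    try:
        with zipfile.ZipFile(path) as archive:
            members = archive.namelist()
    except (zipfile.BadZipFile, OSError):
        return "unreadable"
    if any(classify_version(m) == "vulnerable" for m in members if m.endswith(".jar")):
        return "vulnerable"
    if JNDI_CLASS in members:
        return "potentially vulnerable"  # version unknown: needs manual review
    return "not affected"


def scan(root):
    """Map every Java archive under root to its verdict."""
    return {str(p): classify_archive(p) for p in Path(root).rglob("*")
            if p.is_file() and p.suffix.lower() in {".jar", ".war", ".ear"}}


if __name__ == "__main__":
    for found, verdict in sorted(scan(sys.argv[1] if len(sys.argv) > 1 else ".").items()):
        print(f"{verdict:24} {found}")
```

Run it with a directory path as the only argument; archives nested more than one level deep are not opened, so a "not affected" verdict on a large application bundle still deserves a manual check.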
If you have questions regarding the attack patterns, or need any assistance, please contact Barracuda Networks Technical Support.