Frequently Asked Questions

Log4j2 Vulnerability (CVE-2021-44228 aka Log4Shell)

Last updated 30 Dec 21 at 3:55pm ET.

What is CVE-2021-44228 (Log4Shell) and what is affected? 

Log4Shell is the common name of CVE-2021-44228, a remote code execution vulnerability in Apache Log4j versions 2.0-beta9 to 2.14.1. The vulnerability is being actively exploited, so anyone running the older versions of Apache Log4j2 should upgrade to Log4j 2.17.1 or apply other mitigation strategies immediately.

How do I know if an asset is susceptible to CVE-2021-44228 (Log4Shell)?

Assets that use Java or Apache Log4j (versions 2.0-beta9 to 2.14.1) are susceptible. The current patch level of 2.17.1 was released to address CVE-2021-44228 as well as other CVEs associated with Log4j (CVE-2021-44832).

A list of affected technologies is provided within the CyCognito platform, and this list will be updated hourly. You can search your attack surface in the CyCognito platform using the "how to" instructions below to show any assets using known-affected components.

Additionally, we have a list of known-affected software compiled from vendor advisories located here: https://www.cycognito.com/technology-impacted-by-the-log4j2-vulnerability
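
An added example (not CyCognito's code or detection method): a filename-based inventory check that applies the version range stated above to `log4j-core` jars on disk, including copies bundled inside WAR/EAR and fat-jar archives. The function names and verdict labels are assumptions of this example, and matching on the `log4j-core-<version>.jar` filename assumes the jar was not renamed or shaded.

```python
import contextlib
import io
import os
import re
import zipfile

JAR_RE = re.compile(r"(?:^|/)log4j-core-([0-9][^/]*?)\.jar$")
VER_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?(?:-(alpha|beta|rc)(\d+))?$")
STAGE = {"alpha": 0, "beta": 1, "rc": 2, None: 3}  # None = final release
ARCHIVES = (".jar", ".war", ".ear")

def version_key(text):
    """'2.0-beta9' or '2.14.1' -> sortable tuple, or None if unparseable."""
    if not (m := VER_RE.match(text)):
        return None
    major, minor, patch, stage, num = m.groups()
    return (int(major), int(minor), int(patch or 0), STAGE[stage], int(num or 0))

# Bounds exactly as stated on this page; backport releases are not special-cased.
FIRST_AFFECTED, LAST_AFFECTED, FIXED = map(version_key, ("2.0-beta9", "2.14.1", "2.17.1"))

def classify(version):
    key = version_key(version)
    if key is None:
        return "unknown"  # e.g. a -sources jar or a vendor-renamed build
    if FIRST_AFFECTED <= key <= LAST_AFFECTED:
        return "affected"
    return "patched" if key >= FIXED else "review"  # review: outside range, below 2.17.1

def scan_archive(source, label, findings, depth=2):
    """Record log4j-core jars bundled in a jar/war/ear, up to `depth` archive levels."""
    with contextlib.suppress(zipfile.BadZipFile), zipfile.ZipFile(source) as zf:
        for name in zf.namelist():
            if m := JAR_RE.search(name):
                findings.append((f"{label}!{name}", m.group(1), classify(m.group(1))))
            elif depth > 1 and name.lower().endswith(ARCHIVES):
                scan_archive(io.BytesIO(zf.read(name)), f"{label}!{name}", findings, depth - 1)

def scan_tree(root):
    """Walk `root`; return (location, version, verdict) for every log4j-core jar found."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for fn in files:
            path = os.path.join(dirpath, fn)
            if m := JAR_RE.search(fn):
                findings.append((path, m.group(1), classify(m.group(1))))
            elif fn.lower().endswith(ARCHIVES):
                scan_archive(path, path, findings)
    return findings
```

Call `scan_tree()` on an application or deployment directory and treat every `affected`, `review` or `unknown` row as needing a manual look.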

Is the CyCognito platform affected by CVE-2021-44228 (Log4Shell)?

The Log4j vulnerability has no direct impact on the CyCognito platform. We have thoroughly investigated our own software, third-party components, and connected providers. Any use of Log4j has been verified as not vulnerable or patched.

You can read our official statement here.

When the Log4j vulnerability was publicly disclosed, CyCognito began reviewing our platform and third-party components for potential exposure. We’ve seen no direct impact to the CyCognito Platform and will continue to monitor and investigate the situation as component vendors communicate their status.

If you ever believe you have discovered a vulnerability in the CyCognito platform or have a security incident to report, send us an email to report it. Our disclosure policy is here.

Can CyCognito and the CyCognito platform identify internet-exposed assets that are vulnerable to CVE-2021-44228 (Log4Shell)?

Yes, the CyCognito platform and its external attack surface discovery engine can identify assets on your external attack surface which are vulnerable to CVE-2021-44228. Our engineering and analyst teams have built a Log4j Advisory Dashboard that is linked directly from the side navigation in the CyCognito Platform.

How does CyCognito detect assets affected by CVE-2021-44228 (Log4Shell)?

Currently, our platform detects services and software running on internet-exposed assets. There are certain services that are known to use Apache Log4j. 

If CyCognito has detected any of those services or software running on your attack surface, the asset would be identified by the discovered service/software. Specifically, you can search your asset list in CyCognito to show assets that are using affected components.

What is the best way to get help from CyCognito?

If you are not a CyCognito customer, we welcome you to reach out to us at log4jhelp@cycognito.com. Quickly identifying internet-exposed assets vulnerable to zero-days is only one of many different use cases for the CyCognito external attack surface management platform.

If you are a CyCognito customer, you can reach out to your Customer Success Manager directly, or email log4jhelp@cycognito.com.

Where can I find more resources around CVE-2021-44228 (Log4Shell)?

The CyCognito Blog: https://www.cycognito.com/blog/apache-log4j-vulnerability-cve-2021-44228-aka-log4shell

Known-affected software: https://www.cycognito.com/technology-impacted-by-the-log4j2-vulnerability

Aggregated list of advisories in GitHub: https://github.com/YfryTchsGD/Log4jAttackSurface