May 03, 2022

Log4Shell Vulnerability Vast & Abundant

Industry: N/A | Level: Tactical | Source: Rezilion

Since December 2021, the attack surface created by the Log4Shell vulnerability has remained far-reaching. Research from Rezilion found that, four months on, the vulnerability is still present in many software products, and vulnerable versions continue to be downloaded and left unpatched. According to Sonatype’s “Log4j Download Dashboard”, vulnerable Log4j versions are still being downloaded: as of April 26th, 2022, vulnerable downloads stood at 35% (395,281). Further analysis found that many components affected by Log4Shell remain unpatched: “When exploring the components affected by the Log4Shell vulnerability, i.e. components using org.apache.logging.log4j:log4j-core, it appears that out of a total of 17.84K affected packages, only 7.14K are patched for Log4Shell. This means that almost 60% of vulnerable packages are not yet patched!” Several factors could contribute to users continuing to download vulnerable versions, including a lack of awareness of the vulnerability, an inability to detect it, and the use of third-party software that contains it. Detecting and/or patching Log4Shell remains crucial given the vulnerability's severity and ease of exploitation. Threat groups reported to have attempted to exploit the vulnerability include HAFNIUM, APT35, Tunnel Vision, and APT41/Deep Panda.

  • Anvilogic Scenario: Common Log4Shell Payload
  • Anvilogic Use Case: Potential CVE-2021-44228 – Log4Shell