
Apache Log4j2 is a Java-based logging tool. It is a rewrite of the Log4j framework and introduces many rich features, which is why it is widely used in business system development to record log information.
An attacker could exploit this vulnerability by sending a carefully crafted request to an application that uses Apache Log4j as its logging tool: when the application logs the attacker's malicious input, a remote code execution vulnerability is triggered. In other words, an attacker can execute an arbitrary program simply by causing the application to record a log entry that contains a specified string. This vulnerability exists in all versions from Log4j 2.0 to 2.14.1. Even the first emergency fix, 2.15.0-rc1, was bypassed, and the vulnerability was not fully fixed until 2.15.0-rc2.

Vulnerability level: high risk
Affected versions: Apache Log4j 2.x < 2.15.0-rc2
It is worth noting that only 11 days after the Apache Log4j2 remote code execution vulnerability was disclosed, attackers had already successfully exploited it to attack the computer network of the Belgian Ministry of Defense. A ministry spokesman confirmed that parts of its computer network, such as the mail system, had been down for several days.
According to media reports, the Belgian Ministry of Defense was the first government victim to report an attack through this vulnerability, but given how widespread the Apache Log4j vulnerability is in popular software used in both the public and private sectors, it is unlikely to be the last.
At the same time, some extortion groups have weaponized the Log4j2 vulnerability and now possess a complete attack chain, which seriously threatens the security and interests of key organizations in various countries. Ensuring the security of critical information infrastructure and strengthening emergency response capabilities are the lessons the Apache Log4j vulnerability attacks have brought us.
Why is critical information infrastructure an easy target for attackers exploiting Log4j vulnerabilities?
First, we know that Log4j vulnerabilities exist not only in an organization's Internet-facing assets, but also in environments such as internal systems, third-party applications, SaaS, and cloud services. For critical information infrastructure operators, it is difficult to determine which assets are actually exposed to the threat.
Second, software used by critical information infrastructure may rely on trusted third-party APIs that are themselves exposed to the Log4j vulnerability, or may bundle all dependencies of a particular component (including the Log4j library). Identifying affected applications has become extremely difficult because organizations lack visibility into API behavior and into how deep in the dependency tree the vulnerable library sits.
Third, the software used in critical information infrastructure may be provided by third-party vendors, and not all vendors have patches available for the Log4j vulnerability. The situation may therefore appear "calm", but hidden security risks remain.
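The visibility problem described above (a vulnerable log4j-core jar bundled deep inside a fat jar or war) is something a defender can at least inventory mechanically. The following scanner is an added example, not code from FaceSec, Apache or this page: it walks a directory, descends into nested archives, reads the version from the Maven marker file that every log4j-core jar carries (assumed path `META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties`), and flags anything in the affected range stated here (2.x below 2.15.0-rc2). The sample tree it scans is constructed in a temporary directory for demonstration.

```python
import io
import re
import tempfile
import zipfile
from pathlib import Path
# Maven marker inside every log4j-core jar; its "version=" line is more reliable than the file name.
POM_PROPS = re.compile(r"META-INF/maven/org\.apache\.logging\.log4j/log4j-core/pom\.properties$")
ARCHIVE_EXT = (".jar", ".war", ".ear", ".zip")

def version_key(text):
    """'2.14.1' -> (2,14,1,big), '2.15.0-rc1' -> (2,15,0,1): release candidates sort before the final."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)(?:-rc(\d+))?", text.strip())
    if not m:
        raise ValueError(f"unrecognised Log4j version: {text!r}")
    major, minor, patch, rc = m.groups()
    return (int(major), int(minor), int(patch), int(rc) if rc else 10**9)

FIRST_FIXED = version_key("2.15.0-rc2")  # advisory: Apache Log4j 2.x < 2.15.0-rc2 is affected

def is_affected(version_text):
    return (key := version_key(version_text))[0] == 2 and key < FIRST_FIXED

def scan_archive(data, label):
    """Return (location, version) for each log4j-core in an archive, descending into nested jars/wars."""
    found = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for name in zf.namelist():
            if POM_PROPS.search(name):
                m = re.search(r"^version=(.+)$", zf.read(name).decode("utf-8", "replace"), re.M)
                if m:
                    found.append((label, m.group(1).strip()))
            elif name.lower().endswith(ARCHIVE_EXT):  # bundled dependency inside a fat jar / war
                found.extend(scan_archive(zf.read(name), f"{label}!{name}"))
    return found

def scan_tree(root):  # walk a directory; return sorted (location, version, affected) per log4j-core found
    out = []
    for p in Path(root).rglob("*"):
        if p.is_file() and p.suffix.lower() in ARCHIVE_EXT:
            try:
                out.extend((loc, v, is_affected(v)) for loc, v in scan_archive(p.read_bytes(), str(p)))
            except zipfile.BadZipFile:
                continue  # extension lies; not a zip container
    return sorted(out)

def _jar_bytes(version):  # constructed sample: a minimal log4j-core jar holding only the Maven marker file
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties", f"version={version}\n")
    return buf.getvalue()

def demo():  # constructed tree: a fat jar hiding log4j-core 2.14.1, plus a fixed 2.15.0-rc2 jar beside it
    root = Path(tempfile.mkdtemp())
    with zipfile.ZipFile(root / "app.jar", "w") as fat:
        fat.writestr("BOOT-INF/lib/log4j-core-2.14.1.jar", _jar_bytes("2.14.1"))
    (root / "log4j-core-2.15.0-rc2.jar").write_bytes(_jar_bytes("2.15.0-rc2"))
    return [(loc.replace(str(root), "<root>"), v, bad) for loc, v, bad in scan_tree(root)]
```

Running `demo()` reports the bundled 2.14.1 copy as affected and the 2.15.0-rc2 jar as fixed; point `scan_tree()` at a real deployment directory to inventory it the same way.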
After the Log4j2 vulnerability was made public on December 7, 2021, the FaceSec R&D team reviewed all potentially affected code within 2 hours and quickly checked for weaknesses that might endanger system security, demonstrating that the FaceSec system has strong crisis management and system security mechanisms to help customers minimize system risks and protect their data assets.
Related Links
Apache Open Source Organization
[Apache Official Website] Apache Log4j Security Vulnerabilities: https://logging.apache.org/log4j/2.x/security.html
[Federal Trade Commission]
Action plans of major IT companies in the world
Large IT companies published patching plans within 24 hours to 1 week after the vulnerability was disclosed.
Amazon
https://aws.amazon.com/security/security-bulletins/AWS-2021-006/?nc1=h_ls
Microsoft
https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/
SAP
https://wiki.scn.sap.com/wiki/display/PSR/SAP+Security+Patch+Day+-+December+2021