The Log4j vulnerability recently made headlines around the world. The concern is that an attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. This means that Internet-facing devices running Apache Log4j version 2 (Log4j2), versions 2.0 to 2.14.1, are at risk.
Note: If you are looking for the latest insights into current attacks or cyberthreat trends, we recommend reading and subscribing to the Cyber Security Threat Alert from SKOUT.
Update from Barracuda
Security is a top priority for Barracuda Networks and Barracuda MSP. Our analysis confirms that none of our products are currently affected by the Log4j vulnerabilities associated with CVE-2021-44228. Additionally, external scans of our products and production hosts did not identify actual exposure within our environment. Please visit the Barracuda Trust Center. Stay tuned, as we will continue to share more updates.
Our product and security teams are currently conducting extensive reviews of our infrastructure, tools, and third-party services to identify and address any potential security vulnerabilities.
Detection of the attack and the protective steps we have taken
Barracuda RMM: We have introduced a new script that allows partners using Barracuda RMM to scan for the Log4j vulnerability CVE-2021-44228 in their clients' environments. The script identifies potentially vulnerable and vulnerable devices and shares the details through Barracuda RMM.
Barracuda WAF-as-a-Service: We are releasing new signatures to detect and prevent Log4j exploit attempts. These signatures have been updated to handle recent evasions seen in the field as of December 13, 2021. These signatures and settings will block both GET and POST requests attempting this exploit.
While these signatures detect the variations seen so far, we continue to update them as newer variants emerge. As a best practice, we recommend patching Log4j installations to the latest versions, in which this issue has been fixed.
Barracuda Web Application Firewall & Barracuda CloudGen WAF: The latest signatures for this vulnerability are deployed to units in the field. These signatures and settings will block both GET and POST requests attempting this exploit. While these signatures detect the variations seen so far, we continue to update them as newer variants emerge. As a best practice, we recommend patching Log4j installations to the latest versions, in which this issue has been fixed.
To learn more about the new signatures and settings required for this mitigation, please review this document at Barracuda Campus.
Barracuda SKOUT Managed XDR: Custom rules to detect this exploit have been implemented and updated in the SKOUT Managed XDR Log and Network Security Monitoring solutions. We recommend that you apply the patch immediately to any other third-party software. Please refer to the full list of affected versions of the Log4j library below.
All versions of Log4j 2.x before 2.15.0 (released Friday, December 10, 2021) are affected.
The following JVM versions are also affected:
- Java 6 – 6u212
- Java 7 – 7u202
- Java 8 – 8u192
- Java 11 – 11.0.2
We strongly encourage our partners who manage environments containing Log4j to update to the latest version, available at https://logging.apache.org/log4j/2.x/download.html.
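One way to inventory Log4j versions against the affected range stated above, as an added example (it is not Barracuda's RMM script or any vendor code): it reads the Maven `pom.properties` metadata that log4j-core JARs normally carry, including copies bundled inside WAR, EAR or fat-JAR archives. The function names, the nesting depth of 4 and the 64 MiB nested-archive cap are assumptions of this example.

```python
import io
import re
import sys
import zipfile
from pathlib import Path

FIXED = (2, 15, 0)  # the page: all Log4j 2.x before 2.15.0 are affected
ARCHIVES = (".jar", ".war", ".ear")
MAX_NESTED = 64 * 1024 * 1024  # assumed size cap for nested archives
POM = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"

def is_affected(version_text):
    """True for Log4j 2.x below 2.15.0, e.g. '2.14.1' or '2.0-beta9'."""
    m = re.match(r"(\d+)(?:\.(\d+))?(?:\.(\d+))?", version_text.strip())
    return bool(m) and (2, 0, 0) <= tuple(int(g or 0) for g in m.groups()) < FIXED

def scan_archive(data, label, depth=0):
    """Yield (location, version, affected) per log4j-core found, nested archives included."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return  # corrupt or not really an archive: skip
    with zf:
        for info in zf.infolist():
            if info.filename.endswith(POM):
                props = zf.read(info).decode("utf-8", "replace")
                m = re.search(r"^version=(.+)$", props, re.M)
                if m:
                    yield label, m.group(1).strip(), is_affected(m.group(1))
            elif (info.filename.lower().endswith(ARCHIVES)
                  and depth < 4 and info.file_size <= MAX_NESTED):
                yield from scan_archive(zf.read(info), f"{label}!{info.filename}", depth + 1)

def scan_tree(root):
    """Scan every archive file under root; returns a sorted list of findings."""
    paths = (p for p in Path(root).rglob("*") if p.is_file() and p.suffix.lower() in ARCHIVES)
    return sorted(f for p in paths for f in scan_archive(p.read_bytes(), str(p)))

def sample_jar(version):
    """Constructed sample input: minimal in-memory JAR carrying log4j-core metadata."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(POM, f"groupId=org.apache.logging.log4j\nversion={version}\n")
    return buf.getvalue()

if __name__ == "__main__":
    for location, version, affected in scan_tree(sys.argv[1] if len(sys.argv) > 1 else "."):
        print("AFFECTED" if affected else "ok", version, location)
```

A build that strips the Maven metadata will not be reported, so an empty result means nothing was found, not that Log4j is absent.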
If you have questions regarding attack patterns, or need any assistance, please contact Barracuda Networks Technical Support.