In Response to the Log4j Vulnerability: Radiflow’s Products are Safe

General

The newly-reported Log4j vulnerability affects the widely used library Log4j which was created by Apache, the most widely used web server. The Log4j vulnerability allows remote code execution by simply typing a specific string into a textbox. It works on every program using the Log4j library. The severity for this vulnerability was marked as critical.

View the CVE for the log4j the vulnerability.

Radiflow Products

After internal analysis we are able to verify that Radiflow products are not affected by this vulnerability.

Detection and Mitigation

• The latest SNORT Package is available for iSID customers, containing signatures for detection of the vulnerability’s exploit attempts in monitored networks.
• iSID customers are requested to contact Radiflow support service.
• GreyNoise has been publishing a list of IP addresses that have been seen scanning the internet to exploit this vulnerability and is keeping an updated list. These IP addresses should be added to the blocked lists of respective network detection products. Apache has provided a patch (Log4j 2.15.0) to mitigate the vulnerability.

Additional Resources:

• https://nvd.nist.gov/vuln/detail/CVE-2021-44228
• https://www.cisa.gov/uscert/ncas/current-activity/2021/12/10/apache-releases-Log4j-version-2150-address-critical-rce
• https://unit42.paloaltonetworks.com/apache-log4j-vulnerability-cve-2021-44228/
• https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2