Issue:
- I would like to confirm if WithSecure Elements Vulnerability Management (Radar) can detect CVE-2021-44228 (Log4j2)?
- What is the schedule for adding detection for CVE-2021-44228 (Log4j2)?
- How can I verify when detection for CVE-2021-44228 (Log4j2) is available?
Resolution:
Detection of CVE-2021-44228 is available for selected software. It follows vendor security advisories, which publish new, fixed versions of products and mark older versions of the software as vulnerable. The list of affected software is constantly growing, so more frequent re-scans should be considered.
WithSecure does not recommend limiting the scanning template to specific plugins only.
Moreover, F-Secure released System Scan plugins for authenticated Linux and Windows scans. These plugins discover vulnerable libraries on the local drive and list them in the plugin output.
In addition to the above, there is also a remote unauthenticated check that uses an exploit-based approach: a test with a jndi:ldap expression in the payload is performed, and we listen for signs of successful exploitation.
You can view the current list of Log4Shell / Log4Jam detection capabilities by following these steps:
- Log in to the Elements Vulnerability Management portal
- Go to the Vulnerabilities page
- Select the Vulnerability coverage tab
- Click on the blue Filter arrow
- Add the following filters:
  - CVE references including CVE-2021-44228
  - CVE references including CVE-2021-45046
- Click Apply
The Elements Vulnerability Management news section (RSS feed) on the Vulnerability Management portal lists newly added vulnerability definitions. Vulnerability coverage can be checked from the WithSecure Vulnerability Management portal. If a specific CVE-ID is not found, detection coverage for it is not yet available.
Vulnerability coverage: https://portal.radar.f-secure.com/vulnerabilities/definitions
Please also follow https://portal.radar.f-secure.com/news for further updates
Details from the National Vulnerability database: https://nvd.nist.gov/vuln/detail/CVE-2021-44228
Article no: 000036547