Threat Analysis Unit

Demo: Mitigating Log4Shell (CVE-2021-44228) with NSX

This piece was authored by Stijn Vanveerdeghem

An initial zero-day vulnerability (CVE-2021-44228) in the Log4j logging library, publicly disclosed on 9 December 2021 and known as Log4Shell, is actively being targeted in the wild. CVE-2021-44228 was assigned the highest “Critical” severity rating, with the maximum CVSS score of 10. On Tuesday, December 14th, new guidance was issued along with a new CVE, CVE-2021-45046. Originally scored with a CVSS of 3.7, CVE-2021-45046 was upgraded to a CVSS score of 9.0 on December 17th. On December 18, a third CVE (CVE-2021-45105) was issued with a CVSS score of 7.5. This CVE describes a DoS (Denial of Service) vulnerability in all 2.x versions of Log4j, including 2.16.0. The new guidance from Apache.org states that upgrading to Log4j version 2.16.0 is insufficient, since that version remains vulnerable to this DoS issue in certain scenarios. Upgrading to 2.17.0 is the preferred remedy per Apache.org. For specific details please see Investigating CVE-2021-44228 Log4Shell Vulnerability.

VMware’s Threat Analysis Unit has observed indicators of active exploitation attempts and continues to monitor and evaluate adversary activities. For specific details please see Log in the Shell: An Analysis of Log4Shell Exploitation.

In this demo, we illustrate how the NSX Distributed Firewall and Distributed IDS/IPS can help secure your environment against Log4Shell and other attack techniques by locking down the attack surface and providing multi-cloud threat detection and prevention at the granularity of every workload.


This demo is intended to show how VMware Security can help secure your environment. For information on product-specific impacts, refer to the VMware Security Advisories.