
Log4J Vulnerabilities - Fortinet Resolutions (Updated to 12 Dec 2021)
The information below is taken from https://www.fortinet.com/blog/psirt-blogs/apache-log4j-vulnerability and https://www.fortiguard.com/psirt/FG-IR-21-245?utm_source=blog&utm_campaign=blog.
- Dec 12, 2021
- High
FortiGuard Labs is aware of a remote code execution vulnerability in Apache Log4j. Log4j is a Java-based logging audit framework within Apache. Apache Log4j2 versions 2.14.1 and below are susceptible: a remote attacker can leverage this vulnerability to take full control of a vulnerable machine.
This vulnerability is also known as Log4Shell and is assigned CVE-2021-44228. FortiGuard Labs will be monitoring this issue for any further developments.
- FortiAIOps – Fixed in version 1.0.2
- FortiCASB – Fixed on 2021-12-10
- FortiConverter Portal – Fixed on 2021-12-10
- FortiCWP – Fixed on 2021-12-10
- FortiEDR Cloud – Not exploitable. Additional precautionary mitigations put in place on 2021-12-10
- FortiInsight – Not exploitable. Additional precautionary mitigations being investigated.
- FortiIsolator – Fix scheduled for version 2.3.4
- FortiMonitor – Mitigations for NCM & Elastiflow available
- FortiPortal – Fixed in 6.0.8 and 5.3.8
- FortiSIEM – Mitigation available
- ShieldX – Fix scheduled for versions 2.1 and 3.0 – ETA 2021/12/17
Protections are available across the whole Fortinet Security Fabric to help defend against this attack.
- FortiWeb/FortiGate IPS
  - Apply web application firewalling signatures and IPS to detect and prevent the vulnerability from being exploited.
- FortiGate Firewall
  - Employ firewall policy and microsegmentation to prevent authorized devices from communicating out to unauthorized resources.
- FortiEDR
  - Monitors and protects against payloads delivered by exploitation of the vulnerability.
- FortiCWP
  - Protects the CI/CD pipeline and detects the presence of the Log4j2 vulnerability in container images.
- IPS Signature Protection (FortiOS)
Fortinet has released IPS signature Apache.Log4j.Error.Log.Remote.Code.Execution, with VID 51006, to address this threat. This signature was initially released in IPS package version 19.215. Because this was an emergency release, the default action for this signature is set to pass. Please modify the action according to your needs.
As of IPS DB version 19.217 this signature was set to drop by default.
- IPS Signature Protection (FortiADC & FortiProxy)
FortiADC supports IPS signature to mitigate Log4j (version 19.215).
FortiProxy supports IPS signature to mitigate Log4j (version 19.215).
- Web Application Firewall (FortiWeb & FortiWebCloud)
  - Web application signatures to prevent this vulnerability were added in database 0.00301 and have been updated in the latest release 0.00305 for additional coverage.
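
One way to act on the FortiOS note above that signature VID 51006 defaults to pass in IPS package 19.215: a FortiOS CLI configuration that pins the rule to block in a dedicated sensor and attaches it to a policy. This is an added example, not Fortinet's published configuration; the sensor name `log4j-block` and firewall policy ID `10` are assumptions, and the `#` lines are annotations.

```fortios
# Added example. Assumed names: sensor "log4j-block", firewall policy ID 10.

# 1. Check that the installed IPS definitions are at version 19.215 or later,
#    otherwise rule 51006 is not present on the device.
diagnose autoupdate versions

# 2. Create a sensor entry that overrides the signature's default action.
#    With package 19.215 the default is pass; from 19.217 it is drop.
config ips sensor
    edit "log4j-block"
        set comment "Block Apache.Log4j.Error.Log.Remote.Code.Execution"
        config entries
            edit 1
                set rule 51006
                set status enable
                set action block
                set log enable
                set log-packet enable
            next
        end
    next
end

# 3. Attach the sensor to the policy that carries traffic to the Java services.
config firewall policy
    edit 10
        set utm-status enable
        set ips-sensor "log4j-block"
        set logtraffic all
    next
end
```

For HTTPS traffic the sensor only sees the request if the same policy also applies an SSL inspection profile that decrypts it.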