{"id":4022,"date":"2021-12-21T12:18:58","date_gmt":"2021-12-21T04:18:58","guid":{"rendered":"https:\/\/www.udshk.com\/?page_id=4022"},"modified":"2021-12-24T11:36:40","modified_gmt":"2021-12-24T03:36:40","slug":"log4j-vulnerabilities-fortinet-resolutions","status":"publish","type":"page","link":"https:\/\/www.udshk.com\/?page_id=4022","title":{"rendered":"Log4J Vulnerabilities &#8211; Fortinet Resolutions"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-page\" data-elementor-id=\"4022\" class=\"elementor elementor-4022\" data-elementor-settings=\"[]\">\n\t\t\t\t\t\t\t<div class=\"elementor-section-wrap\">\n\t\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-5d606b0 elementor-section-height-min-height elementor-section-items-top elementor-section-boxed elementor-section-height-default\" data-id=\"5d606b0\" data-element_type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-b1e2f06\" data-id=\"b1e2f06\" data-element_type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t\t\t<div class=\"elementor-element elementor-element-fcf7e67 elementor-widget elementor-widget-image\" data-id=\"fcf7e67\" data-element_type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img loading=\"lazy\" decoding=\"async\" width=\"300\" height=\"300\" src=\"https:\/\/www.udshk.com\/wp-content\/uploads\/2021\/08\/Fortinet_new.png\" class=\"attachment-medium size-medium\" alt=\"\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-d2f21f8 elementor-widget elementor-widget-heading\" data-id=\"d2f21f8\" data-element_type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div 
class=\"elementor-widget-container\">\n\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Log4J Vulnerabilities - Fortinet Resolutions (Updated to 12 Dec 2021)<\/h2>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-0abba13 elementor-widget elementor-widget-text-editor\" data-id=\"0abba13\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p>The information below is taken from <a href=\"https:\/\/www.fortinet.com\/blog\/psirt-blogs\/apache-log4j-vulnerability\">https:\/\/www.fortinet.com\/blog\/psirt-blogs\/apache-log4j-vulnerability<\/a> and\u00a0<a href=\"https:\/\/www.fortiguard.com\/psirt\/FG-IR-21-245?utm_source=blog&amp;utm_campaign=blog\">https:\/\/www.fortiguard.com\/psirt\/FG-IR-21-245?utm_source=blog&amp;utm_campaign=blog<\/a>.<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-53779d0 elementor-tabs-view-horizontal elementor-widget elementor-widget-tabs\" data-id=\"53779d0\" data-element_type=\"widget\" data-widget_type=\"tabs.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-tabs\">\n\t\t\t<div class=\"elementor-tabs-wrapper\" role=\"tablist\" >\n\t\t\t\t\t\t\t\t\t<div id=\"elementor-tab-title-8751\" class=\"elementor-tab-title elementor-tab-desktop-title\" aria-selected=\"true\" data-tab=\"1\" role=\"tab\" tabindex=\"0\" aria-controls=\"elementor-tab-content-8751\" aria-expanded=\"false\">CVE Number<\/div>\n\t\t\t\t\t\t\t\t\t<div id=\"elementor-tab-title-8752\" class=\"elementor-tab-title elementor-tab-desktop-title\" aria-selected=\"false\" data-tab=\"2\" role=\"tab\" tabindex=\"-1\" aria-controls=\"elementor-tab-content-8752\" aria-expanded=\"false\">Discovery Date<\/div>\n\t\t\t\t\t\t\t\t\t<div id=\"elementor-tab-title-8753\" class=\"elementor-tab-title elementor-tab-desktop-title\" aria-selected=\"false\" 
data-tab=\"3\" role=\"tab\" tabindex=\"-1\" aria-controls=\"elementor-tab-content-8753\" aria-expanded=\"false\">Threat Level<\/div>\n\t\t\t\t\t\t\t\t\t<div id=\"elementor-tab-title-8754\" class=\"elementor-tab-title elementor-tab-desktop-title\" aria-selected=\"false\" data-tab=\"4\" role=\"tab\" tabindex=\"-1\" aria-controls=\"elementor-tab-content-8754\" aria-expanded=\"false\">Response to Log4j<\/div>\n\t\t\t\t\t\t\t\t\t<div id=\"elementor-tab-title-8755\" class=\"elementor-tab-title elementor-tab-desktop-title\" aria-selected=\"false\" data-tab=\"5\" role=\"tab\" tabindex=\"-1\" aria-controls=\"elementor-tab-content-8755\" aria-expanded=\"false\">Affected Fortinet Products<\/div>\n\t\t\t\t\t\t\t\t\t<div id=\"elementor-tab-title-8756\" class=\"elementor-tab-title elementor-tab-desktop-title\" aria-selected=\"false\" data-tab=\"6\" role=\"tab\" tabindex=\"-1\" aria-controls=\"elementor-tab-content-8756\" aria-expanded=\"false\">Fortinet Protection Products<\/div>\n\t\t\t\t\t\t\t<\/div>\n\t\t\t<div class=\"elementor-tabs-content-wrapper\" role=\"tablist\" aria-orientation=\"vertical\">\n\t\t\t\t\t\t\t\t\t<div class=\"elementor-tab-title elementor-tab-mobile-title\" aria-selected=\"true\" data-tab=\"1\" role=\"tab\" tabindex=\"0\" aria-controls=\"elementor-tab-content-8751\" aria-expanded=\"false\">CVE Number<\/div>\n\t\t\t\t\t<div id=\"elementor-tab-content-8751\" class=\"elementor-tab-content elementor-clearfix\" data-tab=\"1\" role=\"tabpanel\" aria-labelledby=\"elementor-tab-title-8751\" tabindex=\"0\" hidden=\"false\"><ul><li><a style=\"pointer-events: none; cursor: default; text-decoration: none; color: black;\" href=\"\u201c#\u201d\"> 2021-44228<\/a><\/li><\/ul><\/div>\n\t\t\t\t\t\t\t\t\t<div class=\"elementor-tab-title elementor-tab-mobile-title\" aria-selected=\"false\" data-tab=\"2\" role=\"tab\" tabindex=\"-1\" aria-controls=\"elementor-tab-content-8752\" aria-expanded=\"false\">Discovery Date<\/div>\n\t\t\t\t\t<div id=\"elementor-tab-content-8752\" 
class=\"elementor-tab-content elementor-clearfix\" data-tab=\"2\" role=\"tabpanel\" aria-labelledby=\"elementor-tab-title-8752\" tabindex=\"0\" hidden=\"hidden\"><ul><li>Dec 12, 2021<\/li><\/ul><\/div>\n\t\t\t\t\t\t\t\t\t<div class=\"elementor-tab-title elementor-tab-mobile-title\" aria-selected=\"false\" data-tab=\"3\" role=\"tab\" tabindex=\"-1\" aria-controls=\"elementor-tab-content-8753\" aria-expanded=\"false\">Threat Level<\/div>\n\t\t\t\t\t<div id=\"elementor-tab-content-8753\" class=\"elementor-tab-content elementor-clearfix\" data-tab=\"3\" role=\"tabpanel\" aria-labelledby=\"elementor-tab-title-8753\" tabindex=\"0\" hidden=\"hidden\"><ul><li>High<\/li><\/ul><\/div>\n\t\t\t\t\t\t\t\t\t<div class=\"elementor-tab-title elementor-tab-mobile-title\" aria-selected=\"false\" data-tab=\"4\" role=\"tab\" tabindex=\"-1\" aria-controls=\"elementor-tab-content-8754\" aria-expanded=\"false\">Response to Log4j<\/div>\n\t\t\t\t\t<div id=\"elementor-tab-content-8754\" class=\"elementor-tab-content elementor-clearfix\" data-tab=\"4\" role=\"tabpanel\" aria-labelledby=\"elementor-tab-title-8754\" tabindex=\"0\" hidden=\"hidden\"><p class=\"s5\"><span class=\"s32\">FortiGuard Labs is aware of a remote code execution vulnerability in Apache Log4j. Log4j is a Java-based logging audit framework within Apache. Apache Log4j2 versions 2.14.1 and below are susceptible to a remote code execution vulnerability that a remote attacker can leverage to take full control of a vulnerable machine.<\/span><\/p><p class=\"s13\"><span class=\"s32\">This vulnerability is also known as Log4Shell and is assigned CVE-2021-44228. 
FortiGuard Labs will be monitoring this issue for any further developments.<\/span><\/p><\/div>\n\t\t\t\t\t\t\t\t\t<div class=\"elementor-tab-title elementor-tab-mobile-title\" aria-selected=\"false\" data-tab=\"5\" role=\"tab\" tabindex=\"-1\" aria-controls=\"elementor-tab-content-8755\" aria-expanded=\"false\">Affected Fortinet Products<\/div>\n\t\t\t\t\t<div id=\"elementor-tab-content-8755\" class=\"elementor-tab-content elementor-clearfix\" data-tab=\"5\" role=\"tabpanel\" aria-labelledby=\"elementor-tab-title-8755\" tabindex=\"0\" hidden=\"hidden\"><ul><li class=\"s2\"><span class=\"s53\">FortiAIOps<\/span><span class=\"s53\"> &#8211;\u00a0<\/span><span class=\"s53\">Fixed<\/span><span class=\"s53\">\u00a0in version 1.0.2<\/span><\/li><li class=\"s2\"><span class=\"s53\">FortiCASB<\/span><span class=\"s53\"> &#8211;\u00a0<\/span><span class=\"s53\">Fixed\u00a0<\/span><span class=\"s53\">on 2021-12-10<\/span><\/li><li class=\"s2\"><span class=\"s53\">FortiConverter<\/span><span class=\"s53\"> Portal &#8211;\u00a0<\/span><span class=\"s53\">Fixed\u00a0<\/span><span class=\"s53\">on 2021-12-10<\/span><\/li><li class=\"s2\"><span class=\"s53\">FortiCWP<\/span><span class=\"s53\"> &#8211;\u00a0<\/span><span class=\"s53\">Fixed\u00a0<\/span><span class=\"s53\">on 2021-12-10<\/span><\/li><li class=\"s2\"><span class=\"s53\">FortiEDR<\/span><span class=\"s53\"> Cloud &#8211; Not exploitable. Additional precautionary mitigations put in place on 2021-12-10<\/span><\/li><li class=\"s2\"><span class=\"s53\">FortiInsight<\/span><span class=\"s53\"> &#8211; Not exploitable. 
Additional precautionary mitigations being investigated.<\/span><\/li><li class=\"s2\"><span class=\"s53\">FortiIsolator<\/span><span class=\"s53\"> &#8211; Fix scheduled for version 2.3.4<\/span><\/li><li class=\"s2\"><span class=\"s53\">FortiMonitor<\/span><span class=\"s53\"> &#8211; Mitigations for<\/span><a class=\"s53\" href=\"https:\/\/docs.fortinet.com\/document\/fortimonitor\/21.4.0\/user-guide\/733336\/technical-tip-mitigating-log4j-vulnerability-impact-on-ncm\">\u00a0NCM<\/a><span class=\"s53\">\u00a0&amp;\u00a0<\/span><a class=\"s55\" href=\"https:\/\/docs.fortinet.com\/document\/fortimonitor\/21.4.0\/user-guide\/411268\/technical-tip-mitigating-log4j-vulnerability-impact-on-elastiflow-4-and-5\">Elastiflow<\/a><span class=\"s53\">\u00a0available<\/span><\/li><li class=\"s2\"><span class=\"s53\">FortiPortal<\/span><span class=\"s53\"> &#8211;\u00a0<\/span><span class=\"s53\">Fixed\u00a0<\/span><span class=\"s53\">in 6.0.8 and 5.3.8<\/span><\/li><li class=\"s2\"><span class=\"s53\">FortiSIEM<\/span><span class=\"s53\"> &#8211;\u00a0<\/span><a class=\"s55\" href=\"https:\/\/community.fortinet.com\/t5\/FortiSIEM\/Techincal-Tip-FortiSIEM-Log4j-Mitigating-CVE-2021-44228\/ta-p\/201008\">Mitigation available<\/a><\/li><li class=\"s2\"><span class=\"s53\">ShieldX<\/span><span class=\"s53\"> &#8211; Fix scheduled for versions 2.1 and 3.0 &#8211; ETA 2021\/12\/17<\/span><\/li><\/ul><\/div>\n\t\t\t\t\t\t\t\t\t<div class=\"elementor-tab-title elementor-tab-mobile-title\" aria-selected=\"false\" data-tab=\"6\" role=\"tab\" tabindex=\"-1\" aria-controls=\"elementor-tab-content-8756\" aria-expanded=\"false\">Fortinet Protection Products<\/div>\n\t\t\t\t\t<div id=\"elementor-tab-content-8756\" class=\"elementor-tab-content elementor-clearfix\" data-tab=\"6\" role=\"tabpanel\" aria-labelledby=\"elementor-tab-title-8756\" tabindex=\"0\" hidden=\"hidden\"><p>Protections are available across the whole Fortinet Security Fabric to help defend against this 
attack.<\/p><ul><li><strong><span class=\"s30\">FortiWeb<\/span><span class=\"s30\">\/<\/span><span class=\"s30\">FortiGate<\/span><span class=\"s30\"> IPS<\/span><\/strong><ul><li>Apply web application firewalling signatures and IPS to detect and prevent the vulnerability from being exploited.<\/li><\/ul><\/li><li><strong>FortiGate Firewall<\/strong><ul><li><span class=\"s32\">Employ firewall policy and <\/span><span class=\"s32\">microsegmentation<\/span><span class=\"s32\"> to prevent authorized devices from communicating out to unauthorized resources.<\/span><\/li><\/ul><\/li><li><strong>FortiEDR<\/strong><ul><li>Monitors and protects against payloads delivered by exploitation of the vulnerability.<\/li><\/ul><\/li><li><strong>FortiCWP<\/strong><ul><li>Protects the CI\/CD pipeline and detects the presence of the Log4j2 vulnerability in container images.<\/li><\/ul><\/li><li><strong><span class=\"s30\">IPS Signature Protection (<\/span><span class=\"s30\">FortiOS<\/span><span class=\"s30\">)<\/span><\/strong><ul><li><p class=\"s2\"><span class=\"s32\">Fortinet has released IPS signature Apache.Log4j.Error.Log.Remote.Code.Execution, with VID 51006, to address this threat. This signature was initially released in IPS package (version 19.215). Please note that since this is an emergency release, the default action for this signature is set to pass. 
Please modify the action according to your needs.<\/span><\/p><p class=\"s28\"><span class=\"s32\">As of IPS DB version 19.217 this signature was set to drop by default.<\/span><\/p><\/li><\/ul><\/li><li><strong><span class=\"s30\">IPS Signature Protection (<\/span><span class=\"s30\">FortiADC<\/span><span class=\"s30\"> &amp; <\/span><span class=\"s30\">FortiProxy<\/span><span class=\"s30\">)<\/span><\/strong><ul><li><p class=\"s5\"><span class=\"s32\">FortiADC<\/span><span class=\"s32\"> supports the IPS signature to mitigate Log4j (version 19.215).<\/span><\/p><p class=\"s5\"><span class=\"s32\">FortiProxy<\/span><span class=\"s32\"> supports the IPS signature to mitigate Log4j (version 19.215).<\/span><\/p><\/li><\/ul><\/li><li><strong><span class=\"s30\">Web Application Firewall (<\/span><span class=\"s30\">FortiWeb<\/span><span class=\"s30\"> &amp; <\/span><span class=\"s30\">FortiWeb<\/span><span class=\"s30\"> Cloud)<\/span><\/strong><ul><li>Web application signatures to prevent this vulnerability were added in database 0.00301 and have been updated in the latest release 0.00305 for additional coverage.<\/li><\/ul><\/li><\/ul><\/div>\n\t\t\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>Log4J Vulnerabilities &#8211; Fortinet Resolutions (Updated to 12 Dec 2021) The information provided below is referred from https:\/\/www.fortinet.com\/blog\/psirt-blogs\/apache-log4j-vulnerability and\u00a0https:\/\/www.fortiguard.com\/psirt\/FG-IR-21-245?utm_source=blog&amp;utm_campaign=blog. 
CVE Number Discovery Date Threat Level Response to Log4j Affected Fortinet Products Fortinet Protection Products CVE Number 2021-44228 Discovery Date Dec 12, 2021 Threat Level High Response to Log4j FortiGuard Labs is aware of a remote [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"footnotes":""},"class_list":["post-4022","page","type-page","status-publish","hentry","entry","owp-thumbs-layout-horizontal","owp-btn-normal","owp-tabs-layout-horizontal","has-no-thumbnails","has-product-nav"],"_links":{"self":[{"href":"https:\/\/www.udshk.com\/index.php?rest_route=\/wp\/v2\/pages\/4022","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.udshk.com\/index.php?rest_route=\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.udshk.com\/index.php?rest_route=\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.udshk.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.udshk.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=4022"}],"version-history":[{"count":7,"href":"https:\/\/www.udshk.com\/index.php?rest_route=\/wp\/v2\/pages\/4022\/revisions"}],"predecessor-version":[{"id":4196,"href":"https:\/\/www.udshk.com\/index.php?rest_route=\/wp\/v2\/pages\/4022\/revisions\/4196"}],"wp:attachment":[{"href":"https:\/\/www.udshk.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=4022"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}