{"id":4024,"date":"2021-12-21T12:46:47","date_gmt":"2021-12-21T04:46:47","guid":{"rendered":"https:\/\/www.udshk.com\/?page_id=4024"},"modified":"2021-12-24T11:37:08","modified_gmt":"2021-12-24T03:37:08","slug":"log4j-vulnerabilities-palo-alto-resolutions","status":"publish","type":"page","link":"https:\/\/www.udshk.com\/?page_id=4024","title":{"rendered":"Log4J Vulnerabilities &#8211; Palo Alto Resolutions"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-page\" data-elementor-id=\"4024\" class=\"elementor elementor-4024\" data-elementor-settings=\"[]\">\n\t\t\t\t\t\t\t<div class=\"elementor-section-wrap\">\n\t\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-5d606b0 elementor-section-height-min-height elementor-section-items-top elementor-section-boxed elementor-section-height-default\" data-id=\"5d606b0\" data-element_type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-b1e2f06\" data-id=\"b1e2f06\" data-element_type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t\t\t<div class=\"elementor-element elementor-element-fcf7e67 elementor-widget elementor-widget-image\" data-id=\"fcf7e67\" data-element_type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img loading=\"lazy\" decoding=\"async\" width=\"300\" height=\"300\" src=\"https:\/\/www.udshk.com\/wp-content\/uploads\/2021\/08\/PA_new.png\" class=\"attachment-medium size-medium\" alt=\"\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-d2f21f8 elementor-widget elementor-widget-heading\" data-id=\"d2f21f8\" data-element_type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Log4J Vulnerabilities - Palo Alto Resolutions (Updated to 10 Dec 2021)<\/h2>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-0abba13 elementor-widget elementor-widget-text-editor\" data-id=\"0abba13\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p>The information provided below is referred from <a href=\"https:\/\/unit42.paloaltonetworks.com\/apache-log4j-vulnerability-cve-2021-44228\/\">https:\/\/unit42.paloaltonetworks.com\/apache-log4j-vulnerability-cve-2021-44228\/<\/a> and <a href=\"https:\/\/security.paloaltonetworks.com\/CVE-2021-44228\">https:\/\/security.paloaltonetworks.com\/CVE-2021-44228<\/a>.<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-53779d0 elementor-tabs-view-horizontal elementor-widget elementor-widget-tabs\" data-id=\"53779d0\" data-element_type=\"widget\" data-widget_type=\"tabs.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-tabs\">\n\t\t\t<div class=\"elementor-tabs-wrapper\" role=\"tablist\" >\n\t\t\t\t\t\t\t\t\t<div id=\"elementor-tab-title-8751\" class=\"elementor-tab-title elementor-tab-desktop-title\" aria-selected=\"true\" data-tab=\"1\" role=\"tab\" tabindex=\"0\" aria-controls=\"elementor-tab-content-8751\" aria-expanded=\"false\">CVE Number<\/div>\n\t\t\t\t\t\t\t\t\t<div id=\"elementor-tab-title-8752\" class=\"elementor-tab-title elementor-tab-desktop-title\" aria-selected=\"false\" data-tab=\"2\" role=\"tab\" tabindex=\"-1\" aria-controls=\"elementor-tab-content-8752\" aria-expanded=\"false\">Discovery Date<\/div>\n\t\t\t\t\t\t\t\t\t<div id=\"elementor-tab-title-8753\" class=\"elementor-tab-title elementor-tab-desktop-title\" aria-selected=\"false\" data-tab=\"3\" role=\"tab\" tabindex=\"-1\" aria-controls=\"elementor-tab-content-8753\" aria-expanded=\"false\">Threat Level<\/div>\n\t\t\t\t\t\t\t\t\t<div id=\"elementor-tab-title-8754\" class=\"elementor-tab-title elementor-tab-desktop-title\" aria-selected=\"false\" data-tab=\"4\" role=\"tab\" tabindex=\"-1\" aria-controls=\"elementor-tab-content-8754\" aria-expanded=\"false\">Response to Log4j<\/div>\n\t\t\t\t\t\t\t\t\t<div id=\"elementor-tab-title-8755\" class=\"elementor-tab-title elementor-tab-desktop-title\" aria-selected=\"false\" data-tab=\"5\" role=\"tab\" tabindex=\"-1\" aria-controls=\"elementor-tab-content-8755\" aria-expanded=\"false\">Affected Palo Alto Products<\/div>\n\t\t\t\t\t\t\t\t\t<div id=\"elementor-tab-title-8756\" class=\"elementor-tab-title elementor-tab-desktop-title\" aria-selected=\"false\" data-tab=\"6\" role=\"tab\" tabindex=\"-1\" aria-controls=\"elementor-tab-content-8756\" aria-expanded=\"false\">Palo Alto Protection Products<\/div>\n\t\t\t\t\t\t\t<\/div>\n\t\t\t<div class=\"elementor-tabs-content-wrapper\" role=\"tablist\" aria-orientation=\"vertical\">\n\t\t\t\t\t\t\t\t\t<div class=\"elementor-tab-title elementor-tab-mobile-title\" aria-selected=\"true\" data-tab=\"1\" role=\"tab\" tabindex=\"0\" aria-controls=\"elementor-tab-content-8751\" aria-expanded=\"false\">CVE Number<\/div>\n\t\t\t\t\t<div id=\"elementor-tab-content-8751\" class=\"elementor-tab-content elementor-clearfix\" data-tab=\"1\" role=\"tabpanel\" aria-labelledby=\"elementor-tab-title-8751\" tabindex=\"0\" hidden=\"false\"><ul>\n \t<li> <a style=\"pointer-events: none; cursor: default; text-decoration: none; color: black;\" href=\"\u201c#\u201d\"> 2021-44228<\/a><\/li>\n \t<li> <a style=\"pointer-events: none; cursor: default; text-decoration: none; color: black;\" href=\"\u201c#\u201d\"> 2021-45046<\/a><\/li>\n<\/ul><\/div>\n\t\t\t\t\t\t\t\t\t<div class=\"elementor-tab-title elementor-tab-mobile-title\" aria-selected=\"false\" data-tab=\"2\" role=\"tab\" tabindex=\"-1\" aria-controls=\"elementor-tab-content-8752\" aria-expanded=\"false\">Discovery Date<\/div>\n\t\t\t\t\t<div id=\"elementor-tab-content-8752\" class=\"elementor-tab-content elementor-clearfix\" data-tab=\"2\" role=\"tabpanel\" aria-labelledby=\"elementor-tab-title-8752\" tabindex=\"0\" hidden=\"hidden\"><ul><li>Dec 10, 2021<\/li><\/ul><\/div>\n\t\t\t\t\t\t\t\t\t<div class=\"elementor-tab-title elementor-tab-mobile-title\" aria-selected=\"false\" data-tab=\"3\" role=\"tab\" tabindex=\"-1\" aria-controls=\"elementor-tab-content-8753\" aria-expanded=\"false\">Threat Level<\/div>\n\t\t\t\t\t<div id=\"elementor-tab-content-8753\" class=\"elementor-tab-content elementor-clearfix\" data-tab=\"3\" role=\"tabpanel\" aria-labelledby=\"elementor-tab-title-8753\" tabindex=\"0\" hidden=\"hidden\"><ul><li>High Impact<\/li><\/ul><\/div>\n\t\t\t\t\t\t\t\t\t<div class=\"elementor-tab-title elementor-tab-mobile-title\" aria-selected=\"false\" data-tab=\"4\" role=\"tab\" tabindex=\"-1\" aria-controls=\"elementor-tab-content-8754\" aria-expanded=\"false\">Response to Log4j<\/div>\n\t\t\t\t\t<div id=\"elementor-tab-content-8754\" class=\"elementor-tab-content elementor-clearfix\" data-tab=\"4\" role=\"tabpanel\" aria-labelledby=\"elementor-tab-title-8754\" tabindex=\"0\" hidden=\"hidden\"><p class=\"s5\"><span class=\"s32\">A remote code execution (RCE)\u00a0 vulnerability in Apache\u00a0<\/span><span class=\"s32\">log4j2<\/span><span class=\"s32\">\u00a0was identified being exploited in the wild. Public proof of concept (PoC) code was released and subsequent investigation revealed that exploitation was incredibly easy to perform. By submitting a specially crafted request to a vulnerable system, depending on how the system is configured, an attacker is able to instruct that system to download and subsequently execute a malicious payload. <\/span><\/p><p class=\"s5\"><span class=\"s32\">Due to the discovery of this exploit being so recent, there are still many servers, both on-premises and within cloud environments, that have yet to be patched. Like many high severity RCE exploits, thus far, massive scanning activity for CVE-2021-44228 has begun on the internet with the intent of seeking out and exploiting unpatched systems. We highly recommend that organizations upgrade to the latest version (2.16.0) of Apache log4j 2 for all systems. This version also patches the less severe vulnerability CVE-2021-45046, found on Dec. 14.<\/span><\/p><\/div>\n\t\t\t\t\t\t\t\t\t<div class=\"elementor-tab-title elementor-tab-mobile-title\" aria-selected=\"false\" data-tab=\"5\" role=\"tab\" tabindex=\"-1\" aria-controls=\"elementor-tab-content-8755\" aria-expanded=\"false\">Affected Palo Alto Products<\/div>\n\t\t\t\t\t<div id=\"elementor-tab-content-8755\" class=\"elementor-tab-content elementor-clearfix\" data-tab=\"5\" role=\"tabpanel\" aria-labelledby=\"elementor-tab-title-8755\" tabindex=\"0\" hidden=\"hidden\"><ul><li class=\"s2\">PAN-OS Panorama 9.0.*, 9.1.*, 10.0.*<\/li><\/ul><\/div>\n\t\t\t\t\t\t\t\t\t<div class=\"elementor-tab-title elementor-tab-mobile-title\" aria-selected=\"false\" data-tab=\"6\" role=\"tab\" tabindex=\"-1\" aria-controls=\"elementor-tab-content-8756\" aria-expanded=\"false\">Palo Alto Protection Products<\/div>\n\t\t\t\t\t<div id=\"elementor-tab-content-8756\" class=\"elementor-tab-content elementor-clearfix\" data-tab=\"6\" role=\"tabpanel\" aria-labelledby=\"elementor-tab-title-8756\" tabindex=\"0\" hidden=\"hidden\"><p>Palo Alto Networks provides protection against the exploitation of this vulnerability.<\/p><ul><li><strong>Next-Generation Firewalls or Prisma Access<\/strong><ul><li><p class=\"s2\"><span class=\"s32\">With a\u00a0<\/span><span class=\"s32\">Threat Prevention<\/span><span class=\"s32\">\u00a0security subscription can automatically block sessions related to this vulnerability using Threat IDs.<\/span><\/p><p class=\"s2\"><span class=\"s32\">91991, 91994, 91995 and 92001 (Application and Threat content update 8502).<\/span><\/p><p class=\"s2\"><span class=\"s32\">Customers already aligned with our security best practices gain automated protection against these attacks with no manual intervention. These signatures block the first stage of the attack.<\/span><\/p><\/li><\/ul><\/li><li><strong><span class=\"s25\">Palto<\/span><span class=\"s25\"> Alto Recommendation on Firewall<\/span><\/strong><ul><li><p class=\"s5\"><span class=\"s29\">Suitable egress application filtering can be used to block the second stage of the attack. <\/span><\/p><p class=\"s5\"><span class=\"s29\">Use App-ID for\u00a0<\/span><span class=\"s29\">ldap<\/span><span class=\"s29\">\u00a0and\u00a0<\/span><span class=\"s29\">rmi-iiop<\/span><span class=\"s29\">\u00a0to block all RMI and LDAP to or from untrusted networks and unexpected sources.<\/span><\/p><p class=\"s5\"><span class=\"s29\">SSL decryption needs to be enabled on the firewall to block known attacks over HTTPS<\/span><\/p><p class=\"s5\"><span class=\"s29\">Customers with log4j in their environments should upgrade or apply workarounds suggested by respective vendors, and not rely only on the Threat Prevention signatures.<\/span><\/p><\/li><\/ul><\/li><li><strong>Cortex XDR<\/strong><ul><li><p class=\"s5\"><span class=\"s32\">Cortex XDR customers running Linux agents and content 290-78377 are protected from a full exploitation chain using the\u00a0<\/span><span class=\"s32\">Java Deserialization <\/span><span class=\"s32\">Explort<\/span><span class=\"s32\"> protection module<\/span><span class=\"s32\"> Other. Cortex XDR customers are protected against various observed payloads stemming from CVE-2021-44228 through <\/span><span class=\"s32\">Behavioral<\/span><span class=\"s32\"> Threat Protection (BTP). Additionally, Cortex XDR Pro customers using Analytics will have post-exploitation activities detected related to this vulnerability.<\/span><\/p><p class=\"s13\"><span class=\"s32\">Cortex XSOAR customers can leverage the\u00a0 &#8220;CVE-2021-44228 &#8211; Log4j RCE&#8221; pack to automatically detect and mitigate the vulnerability.<\/span><\/p><\/li><\/ul><\/li><li><strong>Prisma Cloud Compute<\/strong><ul><li>Defender agents can detect whether any continuous integration (CI) project, container image, or host system maintains a vulnerable Log4j package or JAR file with a version equal to or older than 2.14.1.\u00a0In addition, Web Application and API Security (WAAS) rules can be used to detect and block exploit payloads.<\/li><\/ul><\/li><\/ul><\/div>\n\t\t\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>Log4J Vulnerabilities &#8211; Palo Alto Resolutions (Updated to 10 Dec 2021) The information provided below is referred from https:\/\/unit42.paloaltonetworks.com\/apache-log4j-vulnerability-cve-2021-44228\/ and https:\/\/security.paloaltonetworks.com\/CVE-2021-44228. CVE Number Discovery Date Threat Level Response to Log4j Affected Palo Alto Products Palo Alto Protection Products CVE Number 2021-44228 2021-45046 Discovery Date Dec 10, 2021 Threat Level High Impact Response to Log4j A [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"footnotes":""},"class_list":["post-4024","page","type-page","status-publish","hentry","entry","owp-thumbs-layout-horizontal","owp-btn-normal","owp-tabs-layout-horizontal","has-no-thumbnails","has-product-nav"],"_links":{"self":[{"href":"https:\/\/www.udshk.com\/index.php?rest_route=\/wp\/v2\/pages\/4024","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.udshk.com\/index.php?rest_route=\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.udshk.com\/index.php?rest_route=\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.udshk.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.udshk.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=4024"}],"version-history":[{"count":13,"href":"https:\/\/www.udshk.com\/index.php?rest_route=\/wp\/v2\/pages\/4024\/revisions"}],"predecessor-version":[{"id":4206,"href":"https:\/\/www.udshk.com\/index.php?rest_route=\/wp\/v2\/pages\/4024\/revisions\/4206"}],"wp:attachment":[{"href":"https:\/\/www.udshk.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=4024"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}