Log4j CVE-2021-44228

Hi,

Any remote checks coming for CVE-2021-44228 for Nexpose/InsightVM?

15 Likes

We all are waiting for Rapid7 release.
Others have released checks.

2 Likes

I don’t understand why we still don’t have scanning signatures for this yet. Tenable has already released plugins for their product. Yet here we are, struggling to identify all the instances of potential compromise. R7 is really letting the defenders down.

2 Likes

Is there an ETA for the scan signature?

1 Like

Hi all, apologies for lack of communication on here, I’ll try to find someone who can answer these questions.
We have this blog which is being kept up to date with information about what we know and potential mitigations etc. Widespread Exploitation of Critical Remote Code Execution in Apache Log4j | Rapid7 Blog
Thanks for bearing with us through this!

Hi Rapid7 team,

Any update on this yet? We need this urgently. Please can we get priority on this.

1 Like

Hey Julian,

We understand that the team is putting effort into assessing the feasibility of adding a scanning-based vulnerability check, and I hope they’ll come up with a solution soon. Meanwhile, could you please let us know if there are any workarounds/alternate steps we can perform in InsightVM to discover vulnerable assets, as management has high expectations of InsightVM?

Thanks,

Parth

1 Like

Hi Team,

Please can you provide us with an update. We have customers putting pressure on us to identify this. This is the core of IVM and we need it asap.

Hi all

New coverage for this is available on our console. Just did an update.

Hi Karel. Please note that as per the vulnerability description, this check will require product version 6.6.118 which has not yet been released. The team is working hard on getting this out the door and we will provide an update as soon as it is available. The reason you see the content already is for technical reasons.

Hi Greg. Noted, thank you very much for the reply. Will look out for it. Thanks for the effort.

Ran a scan on known vulnerable target after product and content update. Target returned as not vulnerable.

I wonder if anyone is finding anything with this check / has any idea what exactly it is checking on target system?

2 Likes

Hi Paul,

I was able to find one check [Apache Log4j Core: CVE-2021-44228: Remote Code Execution], neither our contents updated to Dec 12 nor product version updated to 6.6.118.

The only thing I did was restart my Nexpose server. For some reason this check showed up.

One of my friends also mentioned the same thing. And I have updated the console but am still not able to discover the vulnerable assets. @julian_pellas-rice @greg_wiseman

So does this do anything for Windows machines? Having doubts about this check, also on Linux systems. Same issues as vsingh… any upcoming updates?

2 Likes

Is there an ETA for an authenticated vulnerability check for Windows?

Not sure I can believe it, but:

This check runs during network scans and will attempt to trigger a connection back to the Scan Engine in order to determine vulnerable status. This check is platform-independent, targeting Windows, Linux, and other operating systems.

on

1 Like

I’m continuing to research, but I’m not convinced this check is working properly against Windows systems.

@julian_pellas-rice any feedback on the check as far as Windows systems are concerned? I’ve scanned some that should definitely have this vulnerability and come back empty-handed.

I / We have the same experience.