Despite a working patch that has been around for years, the Apache Log4j2 vulnerability still poses a threat to the global finance sector. A security researcher warned users about the threat.
Apache Log4j2 Vulnerability Remains A Threat – Warns Researcher
Security researcher Anis Haboubi directed the cybersecurity and financial sector’s attention to a critical security issue. As highlighted through his recent X post, the well-known yet notorious Apache Log4j2 vulnerability wreaked havoc a few years ago.
To reiterate, this Log4j2 flaw is a variant of the first detected vulnerability, Log4Shell, which allowed remote code execution in apps running the vulnerable Java logging library. It took the project several attempts to patch the flaw before releasing Log4j version 2.17.1, which addressed CVE-2021-44832. This vulnerability, rated as a moderate-severity issue, allowed RCE by an attacker with write access to the logging configuration.
Elaborating further on this matter in his X post, Haboubi wrote,
“A critical vulnerability (CVE-2021-44832) allows attackers with write access to the logging config to exploit a JDBC Appender with a JNDI URI, enabling remote code execution. This could compromise your system by executing malicious code remotely.
Once compromised, attackers can pivot using SSH tunnels to access private network databases.”
The researcher also cited Sisense’s guide on SSH tunnel connections to a private network, explaining that an adversary exploiting the Log4j2 vulnerability could further use SSH tunnels for lateral movement across the network.
Haboubi also explained Sisense’s latest move to integrate PEM key-based authentication in the setup script to prevent unauthorized access. While this step reduces the risk from the Log4j2 vulnerability, Haboubi also urged the affected organizations to update their logging configurations and implement SSH security measures to prevent potential threats.
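As an added illustration, not taken from the article or the researcher's post, the following Python script audits a log4j2.xml for the configuration pattern CVE-2021-44832 concerns: a JDBC Appender whose DataSource is resolved through a JNDI name that is not a local java: name (the 2.17.1 fix accepts only the java protocol). The two sample configs and the hostname in them are constructed.

```python
"""Audit a log4j2.xml for the CVE-2021-44832 pattern: a JDBC Appender whose
DataSource is looked up through a non-local JNDI name."""
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample configs (not from the article). The first resolves the
# appender's DataSource through a remote LDAP JNDI URI (placeholder host);
# the second keeps the lookup local to the container, which is the only
# form Log4j 2.17.1 and later accept.
UNSAFE_CONFIG = """<?xml version="1.0" encoding="UTF-8"?>
<Configuration status="WARN">
  <Appenders>
    <JDBC name="dbLog" tableName="app_log">
      <DataSource jndiName="ldap://untrusted.example:1389/o=placeholder"/>
      <Column name="message" pattern="%m"/>
    </JDBC>
  </Appenders>
  <Loggers><Root level="info"><AppenderRef ref="dbLog"/></Root></Loggers>
</Configuration>"""

SAFE_CONFIG = UNSAFE_CONFIG.replace(
    "ldap://untrusted.example:1389/o=placeholder", "java:comp/env/jdbc/appLog")


def jdbc_jndi_findings(config_xml: str) -> list:
    """Return one (appender name, jndiName, reason) tuple per JDBC appender
    whose DataSource jndiName does not use the local java: scheme."""
    findings = []
    root = ET.fromstring(config_xml)
    # Log4j2 XML accepts both <JDBC> and the generic <Appender type="JDBC">.
    for app in root.iter():
        is_jdbc = app.tag == "JDBC" or (
            app.tag == "Appender" and app.get("type", "").upper() == "JDBC")
        if not is_jdbc:
            continue
        for ds in app.iter("DataSource"):
            name = ds.get("jndiName", "")
            scheme = urlsplit(name).scheme.lower()
            if scheme == "java":
                continue  # local container lookup, the only allowed form
            reason = ("review: no scheme, resolver default applies" if not scheme
                      else f"remote scheme {scheme!r}")
            findings.append((app.get("name"), name, reason))
    return findings


if __name__ == "__main__":
    for label, cfg in (("unsafe", UNSAFE_CONFIG), ("safe", SAFE_CONFIG)):
        print(label, jdbc_jndi_findings(cfg))
```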
These findings arrive following the recent security breaches at Sisense and Snowflake, which occurred due to the exploitation of security flaws in their infrastructure, exposing sensitive financial data to hackers.