The Apache Log4j2 vulnerability remains a threat to the global financial industry


Despite a working patch that has been around for years, the Apache Log4j2 vulnerability still poses a threat to the global financial industry. A security researcher warned users about the threat.

Apache Log4j2 vulnerability remains a threat – researcher warns

Security researcher Anis Haboubi drew the attention of the cybersecurity and financial industries to a critical security issue. As highlighted by his recent X message, the infamous Apache Log4j2 vulnerability wreaked havoc a few years ago.

The Log4j2 flaw is a variant of the first detected vulnerability, Log4Shell, which allowed remote code execution in apps running the vulnerable Java logging library. It took the company several attempts to fix the flaw before releasing Log4j version 2.17.1, which addressed the CVE-2021-44832 vulnerability. This vulnerability, rated as a moderate severity issue, allowed RCE by an attacker with write access to the logging configuration.

Haboubi elaborated further on this issue in his X post, writing:

“A critical vulnerability (CVE-2021-44832) allows attackers with write access to the log configuration to exploit a JDBC appender with a JNDI URI, allowing remote code execution. This can compromise your system by remotely executing malicious code.
Once compromised, attackers can gain access to private network databases through SSH tunnels.”

The researcher also quoted Sisense’s guide on SSH tunnel connections to a private network, explaining that an adversary exploiting the Log4j2 vulnerability could further exploit SSH tunnels for lateral movement on the network.

Haboubi also explained Sisense’s latest move to integrate PEM key-based authentication into the installation script to prevent unauthorized access. While this move alleviates the severity of Log4j2, Haboubi also urged relevant organizations to update log configurations and implement SSH security measures to prevent potential threats.
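A defensive check for the configuration risk described above, as an added example that is not from the article or from Haboubi's post: it scans a Log4j2 XML configuration for JDBC appenders whose `jndiName` points outside the local `java:` naming context. The sample configuration, appender names and host are constructed, and the accept/flag policy is this example's assumption.

```python
import xml.etree.ElementTree as ET

# Constructed sample log4j2.xml content; names and hosts are placeholders.
SAMPLE_CONFIG = """<Configuration status="warn">
  <Appenders>
    <Console name="stdout"><PatternLayout pattern="%m%n"/></Console>
    <JDBC name="auditDb" tableName="app_log">
      <DataSource jndiName="java:/comp/env/jdbc/LoggingDataSource"/>
      <Column name="message" pattern="%m"/>
    </JDBC>
    <JDBC name="reportDb" tableName="report_log">
      <DataSource jndiName="ldap://directory.example.invalid/placeholder"/>
      <Column name="message" pattern="%m"/>
    </JDBC>
  </Appenders>
</Configuration>"""

def _lower_attrs(elem):
    """Lower-case attribute names so jndiName/jndiname both match."""
    return {k.lower(): v.strip() for k, v in elem.attrib.items()}

def audit_jdbc_appenders(xml_text):
    """Return (appender, jndiName, reason) for JDBC data sources to review."""
    findings = []
    for elem in ET.fromstring(xml_text).iter():
        attrs = _lower_attrs(elem)
        tag = elem.tag.rsplit("}", 1)[-1].lower()  # drop any XML namespace
        # Concise form <JDBC ...> or strict form <Appender type="JDBC" ...>
        strict = tag == "appender" and attrs.get("type", "").lower() == "jdbc"
        if not (tag == "jdbc" or strict):
            continue
        for child in elem.iter():
            jndi = _lower_attrs(child).get("jndiname")
            if jndi is None:
                continue
            scheme = jndi.split(":", 1)[0].lower() if ":" in jndi else ""
            if jndi.startswith("${"):
                reason = "needs-review"      # value is filled in by a lookup
            elif scheme in ("", "java"):
                continue                     # local naming context, accepted
            else:
                reason = "non-java-scheme"   # points at a remote JNDI provider
            findings.append((attrs.get("name", "?"), jndi, reason))
    return findings

if __name__ == "__main__":
    for appender, jndi, reason in audit_jdbc_appenders(SAMPLE_CONFIG):
        print(f"{appender}: {jndi} [{reason}]")
```

Updating to Log4j 2.17.1, the version the article names, remains the fix; this check only audits configuration files you control.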


These findings come in the wake of recent security breaches at Sisense and Snowflake, which arose as a result of exploiting security flaws in their infrastructure, exposing sensitive financial data to hackers.

Let us know your thoughts in the comments.
