A zero-day vulnerability involving remote code execution in Log4j 2, given the descriptor "Log4Shell" (CVE-2021-44228), was found and reported to Apache by Alibaba on November 24, 2021, and published in a tweet on December 9, 2021.
NG Firewall uses log4j version 1.2.16, which is not affected by this vulnerability.
Micro Edge does not use log4j and is unaffected.
The cloud environment used to facilitate ETM Dashboard functionality does use log4j, and Edge Threat Management staff update this component on a regular basis. Log4j was updated to the latest version shortly after the vulnerability and the associated update became public.
Protecting Your Network
Intrusion Prevention in NG Firewall has default signatures for log4j-based attacks. You can create a rule in Intrusion Prevention > Rules to block all attacks that these signatures identify as log4j:
- Add a new rule
- Add the condition: Message Contains log4j
- Change the Action setting to "Enable Block"
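To preview which signatures a "Message Contains log4j" rule with a block action would affect, the following added example (not code from NG Firewall or this advisory) applies the same condition to a signature list. It assumes signatures in Suricata rule syntax and a case-insensitive match; the sample signatures, SIDs and the function name apply_block_rule are constructed for illustration.

```python
import re

# Constructed sample signatures in Suricata rule syntax (assumption: not real
# NG Firewall signatures). Only the action, msg and sid fields matter here.
SAMPLE_SIGNATURES = """\
alert http any any -> $HOME_NET any (msg:"CONSTRUCTED Apache log4j RCE Attempt (http)"; sid:9000001; rev:1;)
alert tcp any any -> $HOME_NET any (msg:"CONSTRUCTED Possible Log4j exploit string in TCP stream"; sid:9000002; rev:1;)
alert dns any any -> any any (msg:"CONSTRUCTED Suspicious DNS query"; sid:9000003; rev:1;)
# alert http any any -> $HOME_NET any (msg:"CONSTRUCTED log4j disabled signature"; sid:9000004; rev:1;)
"""

# action, header (protocol/addresses/ports), then the parenthesised options.
RULE_RE = re.compile(r'^(?P<action>\w+)(?P<header>\s+[^(]+)\((?P<options>.*)\)\s*$')
MSG_RE = re.compile(r'msg\s*:\s*"((?:[^"\\]|\\.)*)"')
SID_RE = re.compile(r'\bsid\s*:\s*(\d+)\s*;')


def apply_block_rule(signatures, needle="log4j"):
    """Mimic a 'Message Contains <needle>' condition with a block action.

    Returns (rewritten_text, blocked_sids). Matching is case-insensitive
    (an assumption). Commented-out signatures do not parse as rules and
    are passed through unchanged.
    """
    out, blocked = [], []
    for line in signatures.splitlines():
        m = RULE_RE.match(line.strip())
        if m:
            msg = MSG_RE.search(m["options"])
            if msg and needle.lower() in msg.group(1).lower():
                sid = SID_RE.search(m["options"])
                blocked.append(int(sid.group(1)) if sid else None)
                # Switch the signature from logging to blocking.
                line = "drop" + m["header"] + "(" + m["options"] + ")"
        out.append(line)
    return "\n".join(out) + "\n", blocked


if __name__ == "__main__":
    text, sids = apply_block_rule(SAMPLE_SIGNATURES)
    print("Signatures switched to block:", sids)
    print(text, end="")
```

Signatures whose message does not mention log4j keep their original action, so a signature that detects the same traffic under a different message text would not be blocked by this rule.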