CRITICAL ALERT: Log4Shell
We want to make our readers and your security operations aware of a critical vulnerability that is actively being exploited in the wild.
CVE-2021-44228 can easily be exploited to gain complete access to the targeted system by getting the application to log a specially crafted string.
Government organizations and the private sector are responding to the disclosure of a critical vulnerability affecting the widely used Log4j logging utility, as exploitation attempts are on the rise.
Tracked as CVE-2021-44228 and dubbed Log4Shell — that can be exploited to gain complete access to the targeted system by getting the affected application to log a specially crafted string.
Palo Alto Networks has an analysis here.
The list of affected companies and software includes Apple, Tencent, Twitter, Baidu, Steam, Minecraft, Cloudflare, Amazon, Tesla, IBM, Pulse Secure, Ghidra, ElasticSearch, Apache, Google, Webex, LinkedIn, Oracle, Cisco and VMware. The list is being regularly updated.