Dec 20, 2021

New Log4j attack vector can affect local hosts with no internet access


In context: The past week has kept IT organizations scrambling to respond to the Log4j vulnerability impacting systems around the world. As security experts have continued to identify additional bugs in the logging utility, network administrators have worked tirelessly to identify and close off any potential access that may allow the vulnerability to be exploited. Unfortunately, a newly discovered vector has proven that even isolated systems with no internet connectivity may be just as vulnerable, further complicating the already enormous problem.
Researchers at Blumira have more bad news for the IT community battling Log4j security exploits. While previous findings indicated that impacted systems would require some type of network or internet connectivity, the security firm’s recent discovery now asserts that services running as localhost with no external connection can also be exploited. The finding pointed researchers to several more use cases outlining alternative approaches to compromise unpatched assets running Log4j.
A technical post by Blumira CTO Matthew Warner outlines how a malicious actor can impact vulnerable local machines. Warner states that WebSockets, which are tools that allow fast, efficient communication between web browsers and web applications, could be used to deliver payloads to vulnerable applications and servers with no internet connectivity. This specific attack vector means the unconnected but vulnerable assets could be compromised simply by an attacker sending a malicious request using an existing WebSocket. Warner’s post details the specific steps a malicious actor would take to initiate the WebSocket-based attack.
The newly identified attack vector will result in a greater number of vulnerable assets across already heavily affected industries. According to Check Point Software, over 50% of all government, military, finance, distribution, ISP, and education organizations are currently affected by the Log4j vulnerability. Warner notes that there are available methods organizations can use to detect any existing Log4j vulnerabilities:
Impacted organizations can update their instances of Log4j to Log4j 2.16 to mitigate the tool’s vulnerability. This includes any organization that may have applied the previous remediation, version 2.15, which was later found to include its own set of related vulnerabilities.
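One way to act on this advice, as an added example (not from the article or Blumira's post): a Python sketch that walks a directory tree, finds `log4j-core` jars by their Maven-style file name, and flags any version below 2.16, including 2.15. The file-name convention and the sample tree are assumptions; copies bundled inside other archives are not seen.

```python
import re
import tempfile
from pathlib import Path

# Minimum version the article names as the fix (2.15 is explicitly not enough).
MIN_SAFE = (2, 16, 0)
# Assumed Maven-style name, e.g. log4j-core-2.14.1.jar or log4j-core-2.0-beta9.jar.
# A pre-release suffix is ignored when comparing versions.
JAR_RE = re.compile(r"^log4j-core-(\d+)\.(\d+)(?:\.(\d+))?(?:[-.][\w.-]+)?\.jar$")

def parse_version(filename):
    """Return (major, minor, patch) from a log4j-core jar name, or None."""
    m = JAR_RE.match(filename)
    if not m:
        return None
    return tuple(int(g or 0) for g in m.groups())

def scan(root):
    """Return sorted [(relative_path, version, needs_update)] for jars under root."""
    findings = []
    for jar in Path(root).rglob("log4j-core-*.jar"):
        version = parse_version(jar.name)
        if version is None:
            continue  # name did not follow the assumed convention
        rel = str(jar.relative_to(root))
        findings.append((rel, version, version < MIN_SAFE))
    return sorted(findings)

def build_sample_tree(root):
    """Constructed sample layout; the application names and paths are made up."""
    for rel in ("app-a/lib/log4j-core-2.14.1.jar",
                "app-b/WEB-INF/lib/log4j-core-2.15.0.jar",
                "app-c/lib/log4j-core-2.16.0.jar",
                "app-c/lib/log4j-api-2.16.0.jar"):
        p = Path(root) / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.touch()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for path, version, needs_update in scan(tmp):
            status = "UPDATE" if needs_update else "ok"
            print(f"{status:6} {'.'.join(map(str, version))}  {path}")
```

Point `scan()` at an application or server directory instead of the sample tree to get the same report for real hosts.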