Log4Shell – Do you know what you don’t know?

Is it just me or is the announcement of a significant CVE becoming a holiday tradition? Discovered on December 9, 2021 by Minecraft players, the Apache Log4Shell vulnerability is uniquely insidious because it infects servers which are traditionally well insulated from attacks, perceived as unreachable by intruders, and not at risk for CVEs. Log4Shell is an entirely different can of worms that proves this assumption wrong.

Using simple text-based chats, Log4Shell essentially gives bad actors the keys to your kingdom by enabling them to download anything web accessible and gain ACE (arbitrary code execution) privileges. At that point, Java reads the log entry as a command and executes it, empowering bad actors to download anything that is network accessible from the infected host.

You’ve probably updated your software and even investigated the vendors you think may have been vulnerable. That means that your network is safe today, but how do you know what was previously at risk? Without historical snapshots and diffing capabilities, you don’t. And that means you may actually still be exposed.

Forward Networks customers are not guessing – they are using Forward Enterprise to verify if all hosts, including the ones potentially breached, can communicate with the Internet. Consequently, those hosts that are Internet accessible are the ones that need to be immediately looked at and remediated. Using the blast radius feature, Forward customers can determine in seconds where in the infrastructure compromised end-hosts can and could have reached. Additionally, the network snapshots collected over time provide the necessary data to identify all devices that may have been previously infected or communicated with an infected host.

Forward Networks does not use Log4j in our shipping software (including past versions). If you are a Forward Networks customer and have additional questions, please contact your Customer Support Architect or email support@forwardnetworks.com.