The remote host appears to be running SIP. SIP itself is not vulnerable to Log4Shell; however, the SIP application could potentially be affected if it attempts to log packet data via a vulnerable log4j library.

A negative result from this plugin does not prove conclusively that the remote system is not affected by Log4Shell, only that any scripts the SIP proxy may be running do not create the conditions that are exploitable via the Log4Shell flaw.

A remote code execution vulnerability exists in Apache Log4j < 2.15.0 due to insufficient protections on message lookup substitutions when dealing with user controlled input. A remote, unauthenticated attacker can explolit this, via a web request to execute arbitrary code with the permission level of the running Java process.

The remote SUSE Linux SUSE15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2021:3999-1 advisory.

  - Apache Log4j2 2.0-beta9 through 2.12.1 and 2.13.0 through 2.15.0 JNDI features used in configuration, log     messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints.
    An attacker who can control log messages or log message parameters can execute arbitrary code loaded from     LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been     disabled by default. From version 2.16.0, this functionality has been completely removed. Note that this     vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging     Services projects. (CVE-2021-44228)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SUSE15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2021:1586-1 advisory.

  - Apache Log4j2 2.0-beta9 through 2.12.1 and 2.13.0 through 2.15.0 JNDI features used in configuration, log     messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints.
    An attacker who can control log messages or log message parameters can execute arbitrary code loaded from     LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been     disabled by default. From version 2.16.0, this functionality has been completely removed. Note that this     vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging     Services projects. (CVE-2021-44228)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote host appears to be running IMAP. IMAP itself is not vulnerable to Log4Shell; however, the IMAP server could potentially be affected if it attempts to log data via a vulnerable log4j library.

This plugin requires that both the scanner and target machine have internet access.

A remote code execution vulnerability exists in Apache Log4j < 2.15.0 due to insufficient protections on message lookup substitutions when dealing with user controlled input. A remote, unauthenticated attacker can explolit this, via a crafted telnet message to execute arbitrary code with the permission level of the running Java process.

This plugin requires that both the scanner and target machine have internet access.

The remote host appears to be running SSH. SSH itself is not vulnerable to Log4Shell; however, the SSH server could potentially be affected if it attempts to log data via a vulnerable log4j library.

This plugin requires that both the scanner and target machine have internet access.

The version of Apache Solr running on the remote web server is affected by a remote code execution vulnerability in the bundled Apache Log4j logging library. Apache Log4j is vulnerable due to insufficient protections on message lookup substitutions when dealing with user controlled input. A remote, unauthenticated attacker can exploit this, via a web request, to execute arbitrary code with the permission level of the running Java process.

This plugin requires that both the scanner and target machine have internet access.

Cisco Identity Services Engine is affected by the following critical vulnerability in the Apache Log4j Java logging library as descibed in the cisco-sa-apache-log4j-qRuKNEbd advisory.

  - Apache Log4j2 2.0-beta9 through 2.12.1 and 2.13.0 through 2.15.0 JNDI features used in configuration, log     messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints.
    An attacker who can control log messages or log message parameters can execute arbitrary code loaded from     LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been     disabled by default. From version 2.16.0, this functionality has been completely removed. Note that this     vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging     Services projects. (CVE-2021-44228)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Cisco SD-WAN vManage is affected by the following critical vulnerability in the Apache Log4j Java logging library as described in the cisco-sa-apache-log4j-qRuKNEbd advisory.

  - Apache Log4j2 2.0-beta9 through 2.12.1 and 2.13.0 through 2.15.0 JNDI features used in configuration, log     messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints.
    An attacker who can control log messages or log message parameters can execute arbitrary code loaded from     LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been     disabled by default. From version 2.16.0, this functionality has been completely removed. Note that this     vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging     Services projects. (CVE-2021-44228)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

According to its self-reported version, Cisco Unified Intelligence Center is affected by a remote code execution vulnerability.

  - Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI     features used in configuration, log messages, and parameters do not protect against attacker controlled     LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters     can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From     log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3,     and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to     log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.
    (CVE-2021-44228)

Please see the included Cisco BID and Cisco Security Advisory for more information.

ID	Name	Product	Family	Published	Updated	Severity
156017	SIP Script Remote Command Execution via log4shell	Nessus	General	12/12/2021	3/19/2024	critical
156115	Apache Log4Shell RCE detection via callback correlation (Direct Check FTP)	Nessus	FTP	12/16/2021	3/19/2024	critical
156145	openSUSE 15 Security Update : log4j (openSUSE-SU-2021:3999-1)	Nessus	SuSE Local Security Checks	12/17/2021	2/17/2023	critical
156150	openSUSE 15 Security Update : log4j (openSUSE-SU-2021:1586-1)	Nessus	SuSE Local Security Checks	12/17/2021	2/17/2023	critical
156158	Apache Log4Shell RCE detection via callback correlation (Direct Check IMAP)	Nessus	Misc.	12/17/2021	3/19/2024	critical
156162	Apache Log4Shell RCE detection via callback correlation (Direct Check Telnet)	Nessus	Misc.	12/17/2021	3/19/2024	critical
156166	Apache Log4Shell RCE detection via callback correlation (Direct Check SSH)	Nessus	Misc.	12/17/2021	3/19/2024	critical
156471	Apache Solr Log4Shell Direct Check (CVE-2021-44228)	Nessus	CGI abuses	1/5/2022	4/23/2024	critical
160400	Cisco Identity Services Log4j Engine Remote Code Execution (cisco-sa-apache-log4j-qRuKNEbd)	Nessus	CISCO	5/2/2022	2/17/2023	critical
161212	Cisco SD-WAN vManage Log4j Remote Code Execution (cisco-sa-apache-log4j-qRuKNEbd)	Nessus	CISCO	5/16/2022	2/17/2023	critical
161213	Cisco Unified Intelligence Center Log4j RCE	Nessus	CISCO	5/16/2022	2/17/2023	critical

Detections

Analytics

Plugins Search

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical