Cisco Identity Services Engine is affected by the following critical vulnerability in the Apache Log4j Java logging library as descibed in the cisco-sa-apache-log4j-qRuKNEbd advisory.

  - Apache Log4j2 2.0-beta9 through 2.12.1 and 2.13.0 through 2.15.0 JNDI features used in configuration, log     messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints.
    An attacker who can control log messages or log message parameters can execute arbitrary code loaded from     LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been     disabled by default. From version 2.16.0, this functionality has been completely removed. Note that this     vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging     Services projects. (CVE-2021-44228)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

According to its self-reported version number, the version of Splunk running on the remote web server is Splunk Enterprise 8.1.x prior to 8.1.7.2 or 8.2.x prior to 8.2.3.3. It may, therefore, be affected by the following vulnerabilities related to the use of Log4j, as follows:

  - Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI     features used in configuration, log messages, and parameters do not protect against attacker controlled     LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters     can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From     log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3,     and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to     log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.
    (CVE-2021-44228)

  - It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain     non-default configurations. This could allows attackers with control over Thread Context Map (MDC) input     data when the logging configuration uses a non-default Pattern Layout with either a Context Lookup (for     example, $${ctx:loginId}) or a Thread Context Map pattern (%X, %mdc, or %MDC) to craft malicious input     data using a JNDI Lookup pattern resulting in an information leak and remote code execution in some     environments and local code execution in all environments. Log4j 2.16.0 (Java 8) and 2.12.2 (Java 7) fix     this issue by removing support for message lookup patterns and disabling JNDI functionality by default.
    (CVE-2021-45046)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

A remote code execution vulnerability exists in Apache Log4j < 2.15.0 due to insufficient protections on message lookup substitutions when dealing with user controlled input. A remote, unauthenticated attacker can explolit this, via a web request to execute arbitrary code with the permission level of the running Java process.

The remote host appears to be running SIP. SIP itself is not vulnerable to Log4Shell; however, the SIP application could potentially be affected if it attempts to log packet data via a vulnerable log4j library.

A negative result from this plugin does not prove conclusively that the remote system is not affected by Log4Shell, only that any scripts the SIP proxy may be running do not create the conditions that are exploitable via the Log4Shell flaw.

A remote code execution vulnerability exists in Apache Log4j < 2.15.0 due to insufficient protections on message lookup substitutions when dealing with user controlled input. A remote, unauthenticated attacker can explolit this, via a web request to execute arbitrary code with the permission level of the running Java process.

The plugin relies on callbacks from the target being scanned and hence any firewall rules or interaction with other security devices will affect the efficacy of the plugin. The plugin will also not yield results on Tenable.io and customers are encouraged to use plugin IDs 155999, 156000, 156001, and 156002 instead when scanning with Tenable.io. We continue to explore options for additional detection.

This plugin will have the scanner listen for the callback on a random port in the 50000 to 60000 range.

The remote host appears to be running IMAP. IMAP itself is not vulnerable to Log4Shell; however, the IMAP server could potentially be affected if it attempts to log data via a vulnerable log4j library.

This plugin requires that both the scanner and target machine have internet access.

The version of Apache Log4j on the remote host is 2.x < 2.15.0. It is, therefore, affected by a remote code execution vulnerability in the JNDI parser due to improper log validation. An unauthenticated, remote attacker can exploit this to bypass authentication and execute arbitrary commands. 

Log4j 1.x, which reached its End of Life prior to 2016, comes with JMSAppender which will perform a JNDI lookup if enabled in Log4j's configuration file, hence customers should evaluate triggers in 1.x based on the risk that it is EOL and whether JNDI lookups are enabled.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Apache Solr running on the remote web server is affected by a remote code execution vulnerability in the bundled Apache Log4j logging library. Apache Log4j is vulnerable due to insufficient protections on message lookup substitutions when dealing with user controlled input. A remote, unauthenticated attacker can exploit this, via a web request, to execute arbitrary code with the permission level of the running Java process.

This plugin requires that both the scanner and target machine have internet access.

Cisco SD-WAN vManage is affected by the following critical vulnerability in the Apache Log4j Java logging library as described in the cisco-sa-apache-log4j-qRuKNEbd advisory.

  - Apache Log4j2 2.0-beta9 through 2.12.1 and 2.13.0 through 2.15.0 JNDI features used in configuration, log     messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints.
    An attacker who can control log messages or log message parameters can execute arbitrary code loaded from     LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been     disabled by default. From version 2.16.0, this functionality has been completely removed. Note that this     vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging     Services projects. (CVE-2021-44228)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

A remote code execution vulnerability exists in Apache Log4j < 2.15.0 due to insufficient protections on message lookup substitutions when dealing with user controlled input. A remote, unauthenticated attacker can explolit this, via a crafted telnet message to execute arbitrary code with the permission level of the running Java process.

This plugin requires that both the scanner and target machine have internet access.

The remote host appears to be running SSH. SSH itself is not vulnerable to Log4Shell; however, the SSH server could potentially be affected if it attempts to log data via a vulnerable log4j library.

This plugin requires that both the scanner and target machine have internet access.

The remote SUSE Linux SUSE15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2021:1586-1 advisory.

  - Apache Log4j2 2.0-beta9 through 2.12.1 and 2.13.0 through 2.15.0 JNDI features used in configuration, log     messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints.
    An attacker who can control log messages or log message parameters can execute arbitrary code loaded from     LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been     disabled by default. From version 2.16.0, this functionality has been completely removed. Note that this     vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging     Services projects. (CVE-2021-44228)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SUSE15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2021:3999-1 advisory.

  - Apache Log4j2 2.0-beta9 through 2.12.1 and 2.13.0 through 2.15.0 JNDI features used in configuration, log     messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints.
    An attacker who can control log messages or log message parameters can execute arbitrary code loaded from     LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been     disabled by default. From version 2.16.0, this functionality has been completely removed. Note that this     vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging     Services projects. (CVE-2021-44228)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:1601-1 advisory.

  - Apache Log4j2 2.0-beta9 through 2.12.1 and 2.13.0 through 2.15.0 JNDI features used in configuration, log     messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints.
    An attacker who can control log messages or log message parameters can execute arbitrary code loaded from     LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been     disabled by default. From version 2.16.0, this functionality has been completely removed. Note that this     vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging     Services projects. (CVE-2021-44228)

  - It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-     default configurations. This could allows attackers with control over Thread Context Map (MDC) input data     when the logging configuration uses a non-default Pattern Layout with either a Context Lookup (for     example, $${ctx:loginId}) or a Thread Context Map pattern (%X, %mdc, or %MDC) to craft malicious input     data using a JNDI Lookup pattern resulting in an information leak and remote code execution in some     environments and local code execution in all environments. Log4j 2.16.0 (Java 8) and 2.12.2 (Java 7) fix     this issue by removing support for message lookup patterns and disabling JNDI functionality by default.
    (CVE-2021-45046)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Debian 10 / 11 host has a package installed that is affected by multiple vulnerabilities as referenced in the dsa-5022 advisory.

  - Apache Log4j2 2.0-beta9 through 2.12.1 and 2.13.0 through 2.15.0 JNDI features used in configuration, log     messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints.
    An attacker who can control log messages or log message parameters can execute arbitrary code loaded from     LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been     disabled by default. From version 2.16.0, this functionality has been completely removed. Note that this     vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging     Services projects. (CVE-2021-44228)

  - It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-     default configurations. This could allows attackers with control over Thread Context Map (MDC) input data     when the logging configuration uses a non-default Pattern Layout with either a Context Lookup (for     example, $${ctx:loginId}) or a Thread Context Map pattern (%X, %mdc, or %MDC) to craft malicious input     data using a JNDI Lookup pattern resulting in a denial of service (DOS) attack. Log4j 2.15.0 makes a best-     effort attempt to restrict JNDI LDAP lookups to localhost by default. Log4j 2.16.0 fixes this issue by     removing support for message lookup patterns and disabling JNDI functionality by default. (CVE-2021-45046)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of java-1.7.0-openjdk installed on the remote host is prior to 1.7.0.261-2.6.22.2. The version of java-1.8.0-openjdk installed on the remote host is prior to 1.8.0.312.b07-1. The version of java-11-amazon-corretto installed on the remote host is prior to 11.0.13+8-2. The version of java-17-amazon-corretto installed on the remote host is prior to 17.0.1+12-3. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2021-1731 advisory.

  - Apache Log4j2 2.0-beta9 through 2.12.1 and 2.13.0 through 2.15.0 JNDI features used in configuration, log     messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints.
    An attacker who can control log messages or log message parameters can execute arbitrary code loaded from     LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been     disabled by default. From version 2.16.0, this functionality has been completely removed. Note that this     vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging     Services projects. (CVE-2021-44228)

  - It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-     default configurations. This could allows attackers with control over Thread Context Map (MDC) input data     when the logging configuration uses a non-default Pattern Layout with either a Context Lookup (for     example, $${ctx:loginId}) or a Thread Context Map pattern (%X, %mdc, or %MDC) to craft malicious input     data using a JNDI Lookup pattern resulting in a denial of service (DOS) attack. Log4j 2.15.0 makes a best-     effort attempt to restrict JNDI LDAP lookups to localhost by default. Log4j 2.16.0 fixes this issue by     removing support for message lookup patterns and disabling JNDI functionality by default. (CVE-2021-45046)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Published	Updated	Severity
160400	Cisco Identity Services Log4j Engine Remote Code Execution (cisco-sa-apache-log4j-qRuKNEbd)	Nessus	CISCO	5/2/2022	8/31/2022	critical
160471	Splunk Enterprise 8.1.x < 8.1.7.2 / 8.2.x < 8.2.3.3 Log4j (macOS)	Nessus	MacOS X Local Security Checks	5/3/2022	8/31/2022	critical
156115	Apache Log4Shell RCE detection via callback correlation (Direct Check FTP)	Nessus	FTP	12/16/2021	8/31/2022	critical
156017	SIP Script Remote Command Execution via log4shell	Nessus	General	12/12/2021	8/31/2022	critical
155998	Apache Log4j Message Lookup Substitution RCE (Log4Shell) (Direct Check)	Nessus	Web Servers	12/10/2021	8/31/2022	critical
156158	Apache Log4Shell RCE detection via callback correlation (Direct Check IMAP)	Nessus	Misc.	12/17/2021	8/31/2022	critical
156002	Apache Log4j < 2.15.0 Remote Code Execution (Windows)	Nessus	Misc.	12/10/2021	8/31/2022	critical
156471	Apache Solr Log4Shell Direct Check (CVE-2021-44228)	Nessus	CGI abuses	1/5/2022	8/31/2022	critical
161212	Cisco SD-WAN vManage Log4j Remote Code Execution (cisco-sa-apache-log4j-qRuKNEbd)	Nessus	CISCO	5/16/2022	8/31/2022	critical
156162	Apache Log4Shell RCE detection via callback correlation (Direct Check Telnet)	Nessus	Misc.	12/17/2021	8/31/2022	critical
156166	Apache Log4Shell RCE detection via callback correlation (Direct Check SSH)	Nessus	Misc.	12/17/2021	9/21/2022	critical
156150	openSUSE 15 Security Update : log4j (openSUSE-SU-2021:1586-1)	Nessus	SuSE Local Security Checks	12/17/2021	8/31/2022	critical
156145	openSUSE 15 Security Update : log4j (openSUSE-SU-2021:3999-1)	Nessus	SuSE Local Security Checks	12/17/2021	8/31/2022	critical
156218	openSUSE 15 Security Update : log4j (openSUSE-SU-2021:1601-1)	Nessus	SuSE Local Security Checks	12/21/2021	8/31/2022	critical
156124	Debian DSA-5022-1 : apache-log4j2 - security update	Nessus	Debian Local Security Checks	12/16/2021	8/31/2022	critical
156182	Amazon Linux 2 : java-17-amazon-corretto, java-11-amazon-corretto, java-1.8.0-openjdk, java-1.7.0-openjdk (ALAS-2021-1731)	Nessus	Amazon Linux Local Security Checks	12/18/2021	8/31/2022	critical

Plugins Search

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical