Rapid 7 - Update on Log4Shell’s Impact on Rapid7 Solutions and Systems

Update on Log4Shell’s Impact on Rapid7 Solutions and Systems

Like the rest of the security community, we have been internally responding to the critical remote code execution vulnerability in Apache’s log4j Java library (a.k.a. Log4Shell). We have been continuously monitoring for Log4Shell exploit attempts in our environment and have been urgently investigating the implications for our corporate and production systems. Log4Shell has kept the security community extremely busy for the past several days, and we are no exception. At this time, we have not detected any successful Log4Shell exploit attempts in our systems or solutions. We will continue monitoring our environment for new vulnerability instances and exploit attempts and will update this page as we learn more.

Rapid7 solutions

In terms of Rapid7’s solutions, we prioritized remediation efforts on the Insight Platform and other hosted web application products (e.g. non-Insight branded products such as Logentries). We have remediated the Log4Shell vulnerability in our deployed application services’ code. Customers do not need to take action for any of our hosted web solutions.

Customer action required

There is no action for most customers using our solutions. However, for those using on-premise solutions, the following products and product components have been patched but require customers to take action to fully remediate Log4Shell in their environments. We strongly urge all customers using vulnerable versions of these products and product components to apply updates immediately since this vulnerability is being actively exploited and could result in highly impactful remote code execution.

Product or Component Affected Version(s) Remediation and Mitigation Instructions
InsightOps r7insight_java logging library Versions <= 3.0.8 Upgrade r7insight_java to 3.0.9
Logentries le_java logging library All versions: this is a deprecated component Migrate to version 3.0.9 of r7insight_java
Logentries DataHub Linux version <= 1.2.0.820

Windows version <= 1.2.0.820
Linux: Install DataHub_1.2.0.822.deb using the following instructions.

Windows: Run version 1.2.0.822 in a Docker container or as a Java command per these instructions.

You can find more details here.
InsightOps DataHub InsightOps DataHub <= 2.0 Upgrade DataHub to version 2.0.1 using the following instructions.

No customer action required

We have confirmed the following on-premise products and product components are not affected:

  • Alcide kArt, kAdvisor, and kAudit
  • AppSpider Pro
  • AppSpider Enterprise
  • Insight Agent
  • InsightIDR Network Sensor
  • InsightIDR/InsightOps Collector & Event Sources
  • InsightAppSec Scan Engine
  • InsightCloudSec/DivvyCloud
  • InsightConnect Orchestrator
  • InsightOps non-Java logging libraries
  • InsightVM Kubernetes Monitor
  • InsightVM/Nexpose
  • InsightVM/Nexpose Console
  • InsightVM/Nexpose Engine
  • IntSights virtual appliance
  • Metasploit Pro

Metasploit Pro ships with log4j but has specific configurations applied to it that mitigate Log4Shell. A future update will contain a fully patched version of log4j.

  • Metasploit Framework
  • tCell Java Agent
  • Velociraptor

Further reading and recommendations

Our Emerging Threat Response team has put together a detailed blog post about general guidance about how to mitigate and remediate Log4Shell. We will continue updating this post as we learn more about Log4Shell and new mitigation strategies and tactics.




from Rapid7 Blog https://blog.rapid7.com/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/

Comments

Popular posts from this blog

Krebs - NY Charges First American Financial for Massive Data Leak

KnowBe4 - Scam Of The Week: "When Users Add Their Names to a Wall of Shame"