
Log4j Exploit Hits Again: Vulnerable VMWare Horizon Servers at Risk






  22-Jan-2022 01:59:50



CVSS V2 Severity

ACCESS-COMPLEXITY:HIGH

ACCESS-VECTOR:NETWORK

AUTHENTICATION:NONE

AVAILABILITY-IMPACT:PARTIAL

CONFIDENTIALITY-IMPACT:PARTIAL

INTEGRITY-IMPACT:PARTIAL

SCORE:5.1

VECTORSTRING:AV:N/AC:H/Au:N/C:P/I:P/A:P

CVSS V3 Severity

ATTACK COMPLEXITY:HIGH

ATTACK VECTOR:NETWORK

AVAILABILITY IMPACT:HIGH

BASE SCORE:9

BASE SEVERITY:CRITICAL

CONFIDENTIALITY IMPACT:HIGH

INTEGRITY IMPACT:HIGH

PRIVILEGES REQUIRED:NONE

USER INTERACTION:NONE

EXPLOITABILITY SCORE:2.2

IMPACT SCORE:6



CVE Overview

It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allow attackers with control over Thread Context Map (MDC) input data when the logging configuration uses a non-default Pattern Layout with either a Context Lookup (for example, $${ctx:loginId}) or a Thread Context Map pattern (%X, %mdc, or %MDC) to craft malicious input data using a JNDI Lookup pattern resulting in an information leak and remote code execution in some environments and local code execution in all environments. Log4j 2.16.0 (Java 8) and 2.12.2 (Java 7) fix this issue by removing support for message lookup patterns and disabling JNDI functionality by default.


CWE:https://cwe.mitre.org/data/definitions/502.html   

CVE:CVE-2021-45046

CREATION DATE:Dec. 14, 2021, 7:15 PM

LAST MODIFIED DATE:Dec. 27, 2021, 3:15 AM
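
An added example, not part of the original advisory: a defender-side audit that scans a Log4j 2 configuration for the constructs the CVE overview above names (a Context Lookup, or the %X, %mdc and %MDC patterns) and reports them only when the deployed version is not a fixed release. The sample configuration, the function names and the assumption that later 2.12.x releases keep the 2.12.2 fix are constructed for illustration.

```python
import re

# Constructed sample log4j2.xml, not taken from any real deployment.
SAMPLE_CONFIG = """\
<Configuration>
  <Appenders>
    <Console name="safe">
      <PatternLayout pattern="%d %-5p %c{1.} - %m%n"/>
    </Console>
    <Console name="ctx">
      <PatternLayout pattern="%d %p $${ctx:loginId} %m%n"/>
    </Console>
    <File name="mdc" fileName="app.log">
      <PatternLayout pattern="%d [%X{requestId}] %-5p %m%n"/>
    </File>
  </Appenders>
</Configuration>
"""

# Context Lookup: ${ctx:key} or the escaped form $${ctx:key}.
CTX_LOOKUP = re.compile(r"\$\$?\{ctx:[^}]+\}")
# Thread Context Map converters %X, %mdc, %MDC, with optional format
# modifiers (e.g. %-20X{key}); lowercase %x (NDC) is deliberately not matched.
MDC_PATTERN = re.compile(r"(?<!%)%-?\d*(?:\.\d+)?(?:X|mdc|MDC)\b(?:\{[^}]*\})?")

def find_risky_layouts(config_text):
    """Return (line_number, kind, matched_text) for each risky construct."""
    findings = []
    for lineno, line in enumerate(config_text.splitlines(), start=1):
        for kind, rx in (("context-lookup", CTX_LOOKUP), ("mdc-pattern", MDC_PATTERN)):
            findings.extend((lineno, kind, m.group(0)) for m in rx.finditer(line))
    return findings

def fixed_for_cve_2021_45046(version):
    """True for the fixed releases named above: 2.12.2+ on the 2.12.x line, or 2.16.0+."""
    v = tuple(int(part) for part in version.split("."))
    return (2, 12, 2) <= v < (2, 13, 0) or v >= (2, 16, 0)

def audit(config_text, version):
    """Report risky layouts only when log4j-core is not a fixed release."""
    return [] if fixed_for_cve_2021_45046(version) else find_risky_layouts(config_text)

if __name__ == "__main__":
    for lineno, kind, text in audit(SAMPLE_CONFIG, "2.15.0"):
        print(f"line {lineno}: {kind}: {text}")
```

The scan is line-based, so it applies equally to XML, properties, YAML or JSON configuration files; the version string is expected in plain `major.minor.patch` form.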

  • 9 HOURS AGO by AlienVault
  • Public 
  • TLP
  • Vulnerable VMware Horizon servers are at risk of being infected with ransomware because of security flaws in Log4j, according to a recently published blog post on the issue. VMware Horizon server versions 7.x and 8.x are susceptible to two of the Log4j vulnerabilities (CVE-2021-44228 and CVE-2021-45046). Security experts stated that an attack group has been exploiting these flaws to install webshells on compromised servers.

    REFERENCE:
    https://blog.morphisec.com/log4j-exploit-hits-again-vulnerable-vmware-horizon-servers-at-risk
    MALWARE FAMILY:
    Cobalt Strike - S0154
    ATT&CK IDS:
    T1505 - Server Software Component
    T1574 - Hijack Execution Flow
    T1530 - Data from Cloud Storage Object
    T1203 - Exploitation for Client Execution
    T1497 - Virtualization/Sandbox Evasion
    T1190 - Exploit Public-Facing Application
