Log4j Exploit Hits Again: Vulnerable VMWare Horizon Servers at Risk






  22-Jan-2022 01:59:50



CVSS V2 Severity

ACCESS-COMPLEXITY:HIGH

ACCESS-VECTOR:NETWORK

AUTHENTICATION:NONE

AVAILABILITY-IMPACT:PARTIAL

CONFIDENTIALITY-IMPACT:PARTIAL

INTEGRITY-IMPACT:PARTIAL

SCORE:5.1

VECTORSTRING:AV:N/AC:H/Au:N/C:P/I:P/A:P

CVSS V3 Severity

ATTACK COMPLEXITY:HIGH

ATTACK VECTOR:NETWORK

AVAILABILITY IMPACT:HIGH

BASE SCORE:9

BASE SEVERITY:CRITICAL

CONFIDENTIALITY IMPACT:HIGH

INTEGRITY IMPACT:HIGH

PRIVILEGES REQUIRED:NONE

USER INTERACTION:NONE

EXPLOITABILITY SCORE:2.2

IMPACT SCORE:6



CVE Overview

It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allow attackers with control over Thread Context Map (MDC) input data, when the logging configuration uses a non-default Pattern Layout with either a Context Lookup (for example, $${ctx:loginId}) or a Thread Context Map pattern (%X, %mdc, or %MDC), to craft malicious input data using a JNDI Lookup pattern, resulting in an information leak and remote code execution in some environments and local code execution in all environments. Log4j 2.16.0 (Java 8) and 2.12.2 (Java 7) fix this issue by removing support for message lookup patterns and disabling JNDI functionality by default.


CWE:https://cwe.mitre.org/data/definitions/502.html   

CVE:CVE-2021-45046

CREATION DATE:Dec. 14, 2021, 7:15 PM

LAST MODIFIED DATE:Dec. 27, 2021, 3:15 AM
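
The conditions in the CVE overview above can be checked against a deployment's Log4j version and logging configuration. The following is an added example, not code from this page or from the Log4j project: the function names are hypothetical, the sample configuration is constructed, and the version check assumes a Log4j 2.x version string and knows only the two fixed releases the overview names.

```python
import re

# Fixed releases named in the CVE overview: 2.16.0 (Java 8) and 2.12.2 (Java 7).
FIXED_MAIN = (2, 16, 0)
FIXED_JAVA7 = (2, 12, 2)

# Context Lookup such as ${ctx:loginId} (also matches inside $${ctx:...}).
CTX_LOOKUP = re.compile(r"\$\{ctx:[^}]*\}")
# Thread Context Map conversions %X, %mdc, %MDC, with optional format modifier.
MDC_PATTERN = re.compile(r"%[-\d.]*(?:X|mdc|MDC)(?![A-Za-z])")

def parse_version(text):
    """Turn '2.15.0' into (2, 15, 0); suffixes like '-beta9' are ignored."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", text.strip())
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    return tuple(int(p or 0) for p in m.groups())

def is_fixed(version):
    """True for 2.16.0 and later, or 2.12.2 and later on the 2.12 line."""
    v = parse_version(version)
    if v >= FIXED_MAIN:
        return True
    return v[:2] == FIXED_JAVA7[:2] and v >= FIXED_JAVA7

def risky_patterns(config_text):
    """Return (line_no, match) for each Context Lookup or MDC pattern."""
    hits = []
    for no, line in enumerate(config_text.splitlines(), 1):
        for rx in (CTX_LOOKUP, MDC_PATTERN):
            hits += [(no, m.group(0)) for m in rx.finditer(line)]
    return hits

def audit(version, config_text):
    """Flag a deployment that is both unfixed and uses a risky layout."""
    hits = risky_patterns(config_text)
    fixed = is_fixed(version)
    return {"fixed": fixed, "hits": hits, "exposed": not fixed and bool(hits)}

# Constructed sample configuration, not taken from any real deployment.
SAMPLE = """<Configuration>
  <Appenders>
    <Console name="out">
      <PatternLayout pattern="%d %p $${ctx:loginId} %X{session} %m%n"/>
    </Console>
  </Appenders>
</Configuration>"""

if __name__ == "__main__":
    for ver in ("2.15.0", "2.12.2", "2.16.0"):
        print(ver, audit(ver, SAMPLE))
```

A result with `exposed` set means the configuration matches the non-default layouts the overview describes on a release that predates the fix; upgrading remains the remedy even when no pattern is flagged.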

  • 9 HOURS AGO by AlienVault
  • Public 
  • TLP
  • Vulnerable VMware Horizon servers are at risk of being infected with ransomware because of security flaws in Log4j, according to a recently published blog post on the issue. VMware Horizon server versions 7.x and 8.x are susceptible to two of the Log4j vulnerabilities (CVE-2021-44228 and CVE-2021-45046). Security experts stated that an attack group has been exploiting these flaws to install webshells on compromised servers.

    REFERENCE:
    https://blog.morphisec.com/log4j-exploit-hits-again-vulnerable-vmware-horizon-servers-at-risk
    MALWARE FAMILY:
    Cobalt Strike - S0154
    ATT&CK IDS:
    T1505 - Server Software Component
    T1574 - Hijack Execution Flow
    T1530 - Data from Cloud Storage Object
    T1203 - Exploitation for Client Execution
    T1497 - Virtualization/Sandbox Evasion
    T1190 - Exploit Public-Facing Application

    *Be careful when clicking the link!

