There are many methods InsightVM can use to identify vulnerable software. Which method is best depends on the software and specific vulnerability in question, not to mention variability that comes into play with differing network topologies and Scan Engine deployment strategies. When it comes to a vulnerability like CVE-2021-44228, affecting a software library (Log4j) that is used to build other software products and may not expose its presence in an obvious way, the situation gets even more complicated. For in-depth analysis on the vulnerability and its attack surface area, see AttackerKB.

The intent of this post is to walk InsightVM and Nexpose users through how to best approach detecting exposure to Log4Shell in your environment, while providing some additional detail about how the various checks work under the hood. This post assumes you already have an operational deployment of InsightVM or Nexpose. For additional documentation on scanning for Log4j CVE-2021-44228, take a look at our docs here.

Before (or while) you scan

Even before a vulnerability check has been made available, it can be possible to get a sense of your exposure using InsightVM features such as Query Builder, or Nexpose’s Dynamic Asset Groups. Because we use generic fingerprinting techniques such as querying Linux package managers and enumerating software found in Windows Registry uninstaller keys, the software inventory for assets may include products that are not explicitly supported. Using the search predicate software.product CONTAINS log4j will show packages on Linux systems that have been installed via package managers such as rpm or dpkg.

An alternative approach to this is using an SQL Query Export using the following query:

SELECT
dim_asset da ON da.asset_id = das.asset_id

Authenticated and agent-based assessments

The most reliable way to find vulnerable instances of CVE-2021-44228 is via our authenticated checks (check IDs: apache-log4j-core-cve-2021-44228-2_16, apache-log4j-core-cve-2021-44228-2_12_2, apache-log4j-core-cve-2021-44228-2_3_1), which perform a complete filesystem search for JAR files matching log4j-core.*.jar. The authenticated checks support both Linux and Windows scanning as of version 6.6.121 released December 17, 2021.
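The filesystem search the authenticated checks are described as performing, sketched as an added example (not Rapid7's implementation): it walks a directory tree for names matching log4j-core.*.jar and, going beyond what the post describes, also looks one level inside JAR/WAR/EAR archives, which a pure filename search does not see. The version floors 2.16, 2.12.2 and 2.3.1 are an assumption read off the check ID suffixes, and classify, scan and demo are hypothetical names.

```python
import os
import re
import tempfile
import zipfile

JAR_RE = re.compile(r"log4j-core.*\.jar$")  # filename pattern quoted in the post
VER_RE = re.compile(r"log4j-core-(\d+)\.(\d+)(?:\.(\d+))?")  # added assumption

def classify(name):
    """Assumption: fixed releases per branch are read off the check ID suffixes."""
    m = VER_RE.match(name)
    if not m:
        return "unknown-version"  # renamed or unversioned JAR: review by hand
    v = tuple(int(g or 0) for g in m.groups())
    floor = {(2, 3): 1, (2, 12): 2}.get(v[:2])  # 2.3.1 and 2.12.2 branches
    fixed = v[2] >= floor if floor is not None else v >= (2, 16, 0)
    return "fixed" if fixed else "flag"

def scan(root):
    """Return sorted (location, status) for each log4j-core JAR under root."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if JAR_RE.match(name):
                hits.append((path, classify(name)))
            elif name.lower().endswith((".jar", ".war", ".ear")):
                try:  # beyond the post: one level of nesting inside archives
                    with zipfile.ZipFile(path) as zf:
                        for entry in zf.namelist():
                            base = entry.rsplit("/", 1)[-1]
                            if JAR_RE.match(base):
                                hits.append((f"{path}!{entry}", classify(base)))
                except (zipfile.BadZipFile, OSError):
                    hits.append((path, "unreadable-archive"))
    return sorted(hits)

def demo():  # constructed sample tree; paths are returned relative to its root
    with tempfile.TemporaryDirectory() as root:
        lib = os.path.join(root, "opt", "app", "lib")
        os.makedirs(lib)
        for jar in ("log4j-core-2.14.1.jar", "log4j-core-2.12.2.jar", "log4j-core.jar"):
            open(os.path.join(lib, jar), "wb").close()
        with zipfile.ZipFile(os.path.join(root, "opt", "shop.war"), "w") as war:
            war.writestr("WEB-INF/lib/log4j-core-2.3.jar", b"")
        return [(os.path.relpath(p, root).replace(os.sep, "/"), s) for p, s in scan(root)]

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

A hit with status unknown-version or unreadable-archive still needs manual inspection, since the version here is taken from the filename only.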