F-Secure Elements Vulnerability Management - Can it detect CVE-2021-44228 (Log4j2)? - F-Secure Community
<main> <article class="userContent"> <h3 data-version="14" data-article="000036547" data-id="issue">Issue:</h3> <ol><li>I would like to confirm if F-Secure Elements Vulnerability Management (Radar) can detect CVE-2021-44228 (Log4j2)?</li><li>What is the schedule for adding detection for CVE-2021-44228 (Log4j2)?</li><li>How can I verify when detection for CVE-2021-44228 (Log4j2) is available?</li></ol><h3 data-id="resolution">Resolution:</h3> <p>Detection of <b>CVE-2021-44228</b> is available for selected software. Coverage follows vendor security advisories: when a vendor publishes a fixed version of a product, the older versions of that software are marked as vulnerable. The list of affected software is constantly growing, so consider re-scanning more often. <br><br>F-Secure does not recommend limiting the scanning template to specific plugins only. <br><br><b>F-Secure has also released System Scan plugins for authenticated Linux and Windows scans. These plugins discover vulnerable libraries on the local drive and list them in the plugin output.</b><br><br>In addition, there is a remote unauthenticated check that uses an exploit-based approach. 
A test with a <b>jndi:ldap</b> expression in the payload is performed, and we listen for signs of successful exploitation.<br><br>You can view the current list of Log4Shell / Log4Jam detection capabilities by following these steps:<br></p><ol><li>Log in to the Elements Vulnerability Management portal</li><li>Go to the <b>Vulnerabilities</b> page</li><li>Select the <b>Vulnerability coverage</b> tab</li><li>Click on the blue <b>Filter</b> arrow</li><li>Add the following filters: <ul><li>CVE references including CVE-2021-44228</li><li>CVE references including CVE-2021-45046</li></ul></li><li>Click <b>Apply</b></li></ol> <p>The Elements Vulnerability Management news section (RSS feed) on the Vulnerability Management portal lists newly added vulnerability definitions. Vulnerability coverage can be checked from the F-Secure Vulnerability Management portal. If a specific CVE-ID is not found, coverage for the detection is not yet available. <br><br><b>Vulnerability coverage:</b> <a rel="nofollow" href="https://portal.radar.f-secure.com/vulnerabilities/definitions">https://portal.radar.f-secure.com/vulnerabilities/definitions</a> <br><br>Please also follow <a rel="nofollow" href="https://portal.radar.f-secure.com/news">https://portal.radar.f-secure.com/news</a> for further updates.<br><br><b>Details from the National Vulnerability Database:</b> <a rel="nofollow" href="https://nvd.nist.gov/vuln/detail/CVE-2021-44228">https://nvd.nist.gov/vuln/detail/CVE-2021-44228</a></p> <p>Article no: 000036547</p> </article> </main>
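<p>The kind of local-drive library discovery that the authenticated System Scan plugins are described as performing can be illustrated with the added example below. It is not F-Secure's plugin code: the function names are hypothetical, and it assumes the standard log4j-core JAR layout (the <code>JndiLookup.class</code> path and the Maven <code>pom.properties</code> entry).</p>

```python
import io
import os
import sys
import zipfile

# Standard locations inside a log4j-core JAR (assumed here; not taken from the plugin).
JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
ARCHIVES = (".jar", ".war", ".ear")


def core_version(zf):
    """Return the log4j-core version recorded in pom.properties, or None."""
    if POM_PROPS not in zf.namelist():
        return None
    props = zf.read(POM_PROPS).decode("utf-8", "replace").splitlines()
    return next((p.split("=", 1)[1].strip() for p in props if p.startswith("version=")), None)


def scan_archive(src, label, depth=0, max_depth=4):
    """Yield (location, version) for each archive level that ships JndiLookup.class."""
    try:
        zf = zipfile.ZipFile(src)
    except (zipfile.BadZipFile, OSError):
        return  # not a readable ZIP: skip it and keep scanning
    with zf:
        names = zf.namelist()
        if JNDI_CLASS in names:
            yield label, core_version(zf)
        if depth < max_depth:  # bounded recursion into nested (fat/WAR) archives
            for name in names:
                if name.lower().endswith(ARCHIVES):
                    inner = io.BytesIO(zf.read(name))
                    yield from scan_archive(inner, f"{label}!/{name}", depth + 1, max_depth)


def scan_tree(root):
    """Walk root and return findings for every Java archive on the local drive."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for path in (os.path.join(dirpath, f) for f in files if f.lower().endswith(ARCHIVES)):
            findings.extend(scan_archive(path, path))
    return findings


if __name__ == "__main__":
    for location, version in scan_tree(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{location}\tlog4j-core {version or 'version unknown'}")
```

<p>The script only reports where the class is present and which version the archive declares. Whether that version is affected still has to be checked against the vendor advisories and the vulnerability coverage list.</p>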