Core Impact Issues Latest Exploit for Log4Shell Vulnerability

The Log4Shell vulnerability, a serious remote code execution vulnerability in the Apache Log4j2 library, is one of the best candidates for winning several Pwnie awards in 2022.

What is the Log4Shell Vulnerability?

CVE-2021-44228 is an improper input validation vulnerability (CWE-20). Any attacker who controls log messages or log message parameters is able to execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. This can occur in any application that uses the open-source library, and it affects Log4j versions 2.0-beta9 up to 2.14.1. This vulnerability is incredibly dangerous, scoring a perfect 10 out of 10 in the CVSS rating system.

Log4Shell poses enough of a threat that the Cybersecurity & Infrastructure Security Agency (CISA) has issued an alert advising organizations to take action by upgrading to Log4j 2.15.0 or applying the recommended mitigations that are listed in the Apache Log4j 2.15.0 Announcement.

[Image: The Log4Shell exploit being used against vRealize Operations Manager on Core Impact]

Proactively Responding to Log4Shell with Core Impact

Core Impact customers can be proactive in their response since they can effortlessly run a pen test to see if this vulnerability is present in their infrastructures. Our exploits team has already created exploits for two VMware products: the VMware vRealize Operations Manager Log4shell Remote Code Execution Vulnerability Exploit and VMware vCenter Server Log4shell Remote Code Execution Vulnerability Exploit. Both are now available in the latest release of Core Impact, version 21.2. Please also note that at this time, Core Impact is not impacted by the Log4Shell vulnerability.

Core Impact's commercial grade exploit library is regularly updated with new exploits written and tested by pen testing experts. Our exploits team works to swiftly create high value and reliable exploits that will benefit our customers and help them achieve their pen testing goals.

Protecting Against Log4Shell and the Importance of Regular Pen Testing

As mentioned earlier, a patch is available for CVE-2021-44228. Mitigations are also available for the different affected products: as advised by CISA, organizations can upgrade to Log4j 2.15.0 or apply the mitigations recommended by vendors. However, mitigations may be incorrectly implemented, and patches are not always properly applied; sometimes something as simple as a failure to restart can mean that you're still at risk. The best way to be sure that your IT environment is no longer at risk is to verify remediation efforts using Core Impact's one-step remediation validator.
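An on-disk inventory is a useful complement when verifying that patches were applied. The following is an added example, not Core Security's code: it reports every log4j-core copy in an archive, including copies nested inside WAR or fat JAR files, and flags versions in the range given above (2.0-beta9 up to 2.14.1). It assumes each JAR still carries its standard Maven `pom.properties` metadata; the function names and the sample WAR are constructed for illustration.

```python
import io
import re
import zipfile

# Maven metadata that log4j-core carries inside its own JAR.
POM = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
STAGE = {"alpha": 0, "beta": 1, "rc": 2, None: 3}  # pre-releases sort before GA

def version_key(text):
    """Turn '2.0-beta9' or '2.14.1' into a sortable tuple; None if unparseable."""
    m = re.fullmatch(r"(\d+)\.(\d+)(?:\.(\d+))?(?:-(alpha|beta|rc)(\d+))?", text.strip())
    if not m:
        return None
    major, minor, patch, stage, num = m.groups()
    return (int(major), int(minor), int(patch or 0), STAGE[stage], int(num or 0))

def is_affected(version):
    """True/False for a parseable version, None when it needs manual review."""
    key = version_key(version)  # the range below is the one stated on this page
    return None if key is None else version_key("2.0-beta9") <= key <= version_key("2.14.1")

def find_log4j_core(archive, label, depth=0):
    """Yield (location, version, affected) per log4j-core copy, nested archives included."""
    with zipfile.ZipFile(archive) as zf:
        for name in zf.namelist():
            if name == POM:
                m = re.search(r"^version=(.+)$", zf.read(name).decode("utf-8", "replace"), re.M)
                version = m.group(1).strip() if m else "unknown"
                yield label, version, is_affected(version)
            elif name.lower().endswith((".jar", ".war", ".ear")) and depth < 4:
                try:  # fat JARs and WARs carry their libraries as nested archives
                    yield from find_log4j_core(io.BytesIO(zf.read(name)), f"{label}!/{name}", depth + 1)
                except zipfile.BadZipFile:
                    continue  # entry only looks like an archive; skip it

def build_sample_war():
    """Constructed sample: a WAR bundling log4j-core 2.14.1 and 2.15.0 as nested JARs."""
    war = io.BytesIO()
    with zipfile.ZipFile(war, "w") as outer:
        for v in ("2.14.1", "2.15.0"):
            jar = io.BytesIO()
            with zipfile.ZipFile(jar, "w") as inner:
                inner.writestr(POM, f"version={v}\n")
            outer.writestr(f"WEB-INF/lib/log4j-core-{v}.jar", jar.getvalue())
    return io.BytesIO(war.getvalue())

if __name__ == "__main__":
    for hit in find_log4j_core(build_sample_war(), "app.war"):
        print(hit)
```

A clean result only describes the files on disk: a JVM that has not been restarted since the upgrade may still be running the old library, which is the restart pitfall mentioned above.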

Meet the Author

Marcos Accossatto

Senior Cybersecurity Developer, Exploit Writing Team
Core Security