Late last week security researchers disclosed a critical, unauthenticated remote code execution (RCE) vulnerability in log4j2, a popular and widely used logging library for Java applications. CVE-2021-44228 scores the maximum 10.0 on the Common Vulnerability Scoring System (CVSS) due to a combination of how trivial the exploit is and the potential for significant damage. Since Friday, the WatchGuard Security operations team has been sharing details about the vulnerability along with any potential impact on WatchGuard products at the Secplicity blog. We've also updated a Knowledge Base article with details.
IPS Signature Update
WatchGuard has released new IPS signatures to detect exploits of the vulnerability. Please make sure that all your WatchGuard appliances are configured to receive the latest IPS signature sets:
Are WatchGuard products impacted?
The WatchGuard engineering team is doing a comprehensive review of all our products:
Some product components in WatchGuard Cloud were running a vulnerable version of log4j2, but use a version of JVM that is not vulnerable to the common and trivial LDAP attack vector. We have updated these components out of an abundance of caution.
We are continuing to investigate internally for any additional potential impact. Please continue to check Secplicity and the KB article for latest updates.
src:https://www.watchguard.com/wgrd-blog/apache-log4j-vulnerability