FortiSIEM
FortiSIEM provides Security Information and Event Management (SIEM) and User and Entity Behavior Analytics (UEBA)
Article Id 201008
Description

This article discusses the effect of the Apache log4j vulnerability (CVE-2021-44228) on FortiSIEM.

This note specifies the steps needed to mitigate the vulnerability without upgrading Apache log4j to version 2.16 or higher. It also notes a FortiSIEM upgrade path.

Scope

FortiSIEM 6.3.2 and earlier, 5.2.5 through 5.4.0

Solution

This KB will be updated if additional mitigation steps are required. If previous KB steps were applied as mitigation, they can remain in place; however, the steps below should be followed in addition.

Follow the mitigation steps in the known issues links published for each version of FortiSIEM.

(Note that FortiSIEM version 6.3.3 ships a patched version of log4j that fixes this vulnerability.)

FortiSIEM Version   Link to Mitigation
6.1.0               https://docs.fortinet.com/document/fortisiem/6.1.0/release-notes/441737/whats-new-in-6-1-0#Known_Iss...
6.1.1               https://docs.fortinet.com/document/fortisiem/6.1.1/release-notes/965243/whats-new-in-6-1-1#Known_Iss...
6.1.2               https://docs.fortinet.com/document/fortisiem/6.1.2/release-notes/498610/whats-new-in-6-1-2#Known_Iss...
6.2.0               https://docs.fortinet.com/document/fortisiem/6.2.0/release-notes/498610/new-features#Known
6.2.1               https://docs.fortinet.com/document/fortisiem/6.2.1/release-notes/498610/whats-new-in-6-2-1#Known2
6.3.0               https://docs.fortinet.com/document/fortisiem/6.3.0/release-notes/498610/whats-new-in-6-3-0#Known
6.3.1               https://docs.fortinet.com/document/fortisiem/6.3.1/release-notes/330225/whats-new-in-6-3-1#Known
6.3.2               https://docs.fortinet.com/document/fortisiem/6.3.2/release-notes/803208/whats-new-in-6-3-2#Known
5.2.6               https://docs.fortinet.com/document/fortisiem/5.2.6/release-notes/760862/whats-new-in-5-2-6#Known
5.2.7               https://docs.fortinet.com/document/fortisiem/5.2.7/release-notes/760862/whats-new-in-5-2-7#Known
5.2.8               https://docs.fortinet.com/document/fortisiem/5.2.8/release-notes/760862/whats-new-in-5-2-8#Known
5.3.0               https://docs.fortinet.com/document/fortisiem/5.3.0/release-notes/760862/whats-new-in-5-3-0#Known
5.3.1               https://docs.fortinet.com/document/fortisiem/5.3.1/release-notes/760862/whats-new-in-5-3-1#Known
5.3.2               https://docs.fortinet.com/document/fortisiem/5.3.2/release-notes/760862/whats-new-in-5-3-2#Known
5.3.3               https://docs.fortinet.com/document/fortisiem/5.3.3/release-notes/760862/whats-new-in-5-3-3#Known_Iss...
5.4.0               https://docs.fortinet.com/document/fortisiem/5.4.0/release-notes/308906/whats-new-in-5-4-0#New

Three FortiSIEM modules (SVNLite, phFortiInsightAI and the third-party ThreatConnect SDK) use Apache log4j versions 2.14, 2.13 and 2.8 respectively for logging, and are therefore vulnerable to the recently discovered Remote Code Execution vulnerability (CVE-2021-44228).

These instructions specify the steps needed to mitigate this vulnerability without upgrading Apache log4j to version 2.16 or higher. Actions are required on the Supervisor and Worker nodes only.
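As an added defender-side check (not part of this article or of FortiSIEM itself), the script below locates log4j-core jars under a given directory, reads each jar's version, and reports whether the JndiLookup class that Apache's documented mitigation removes is still present; any 2.x jar below the article's 2.16 bar with that class intact is flagged. The install paths of SVNLite, phFortiInsightAI and the ThreatConnect SDK are not given here, so the root directory is an assumption, and the demo audits constructed jars carrying the three versions this article names.

```python
import re
import tempfile
import zipfile
from pathlib import Path

# Apache's documented mitigation for affected 2.x builds removes this class from log4j-core.
JNDI_LOOKUP = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
FIXED_VERSION = (2, 16, 0)  # the article's "2.16 or higher" bar


def is_vulnerable_version(version):
    """True for any log4j 2.x below 2.16 (1.x is not affected by CVE-2021-44228)."""
    nums = [int(n) for n in re.findall(r"\d+", version)][:3]
    if not nums:
        return True  # unparseable version: flag it for manual review
    return (2, 0, 0) <= tuple(nums + [0] * (3 - len(nums))) < FIXED_VERSION


def audit_jar(jar_path):
    """Return (version, jndi_lookup_present, needs_action) for one log4j-core jar."""
    with zipfile.ZipFile(jar_path) as jar:
        names = set(jar.namelist())
        manifest = (jar.read("META-INF/MANIFEST.MF").decode("utf-8", "replace")
                    if "META-INF/MANIFEST.MF" in names else "")
    # Prefer the manifest's Implementation-Version; fall back to the file name (log4j-core-2.8.jar)
    m = (re.search(r"^Implementation-Version:\s*(\S+)", manifest, re.M)
         or re.search(r"log4j-core-(.+)\.jar$", Path(jar_path).name))
    version = m.group(1) if m else "unknown"
    jndi_present = JNDI_LOOKUP in names
    return version, jndi_present, is_vulnerable_version(version) and jndi_present


def scan(root):
    """Walk root (assumed: the module install directories) and audit every log4j-core jar."""
    return {str(p): audit_jar(p) for p in Path(root).rglob("log4j-core-*.jar")}


def build_sample_jar(path, version, with_jndi, with_manifest=True):
    """Constructed fixture only: a minimal jar mimicking log4j-core's layout."""
    with zipfile.ZipFile(path, "w") as jar:
        if with_manifest:
            jar.writestr("META-INF/MANIFEST.MF", f"Manifest-Version: 1.0\nImplementation-Version: {version}\n")
        if with_jndi:
            jar.writestr(JNDI_LOOKUP, b"\xca\xfe\xba\xbe")  # placeholder bytes, not a real class


def run_demo():
    """Build three constructed jars with the versions the article names and audit them."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_jar(Path(tmp) / "log4j-core-2.14.1.jar", "2.14.1", with_jndi=True)
        build_sample_jar(Path(tmp) / "log4j-core-2.13.0.jar", "2.13.0", with_jndi=False)
        build_sample_jar(Path(tmp) / "log4j-core-2.8.jar", "2.8", with_jndi=True, with_manifest=False)
        return {Path(p).name: result for p, result in scan(tmp).items()}


if __name__ == "__main__":
    print(run_demo())
```

On a real node, call scan() with the directory tree of each module instead of run_demo(); a result of (version, True, True) means the jar still needs the mitigation from the links above or an upgrade.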
