Created on 04-23-2024 03:14 AM Edited on 04-23-2024 03:14 AM By Stephen_G
Description | This article describes detection of the Lazarus RAT Attack (Apache Log4j2 Remote Code Execution) with FortiDevSec. CVE-2021-44228 affects Apache Log4j2 versions 2.0-beta9 through 2.15.0, excluding certain security releases. It allows remote code execution via crafted log messages or parameters that use JNDI features. Log4j 2.15.0 mitigates the vulnerability by disabling the feature by default, and version 2.16.0 removes the feature completely. |
Scope | FortiDevSec SCA scanner updated in version 24.1.a |
Solution |
Detection of this vulnerability is provided by the FortiDevSec Software Composition Analysis (SCA) scanner.
This technology enables FortiDevSec to assess with a high level of confidence whether the application codebase is vulnerable to a specific vulnerability by identifying its open-source software dependencies.
The SCA scanner is enabled by default. Once the scan is performed on an application, the result appears under the Software Composition Analysis tab.
A step-by-step guide on how to scan an application is available in the user guide. For more details regarding mitigating the vulnerability by utilizing Fortinet products, please refer to https://www.fortiguard.com/outbreak-alert/lazarus-rat-attack |
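The dependency-version matching that an SCA check performs for this CVE can be sketched as follows. This is an added example, not FortiDevSec's own logic: it assumes the affected artifact is `log4j-core`, takes the excluded security releases (2.3.1, 2.12.2, 2.12.3 and later patches on those lines) from the public CVE record, and runs on a constructed `pom.xml` fragment.

```python
import re
import xml.etree.ElementTree as ET

NS = {"m": "http://maven.apache.org/POM/4.0.0"}
STAGE = {"alpha": 0, "beta": 1, "rc": 2, None: 3}  # pre-releases sort before the release
# Assumption from the CVE record: 2.3.x is fixed from 2.3.1, 2.12.x from 2.12.2.
BACKPORT_MIN_PATCH = {(2, 3): 1, (2, 12): 2}

def version_key(v):
    """Turn '2.0-beta9' or '2.14.1' into a sortable tuple."""
    m = re.fullmatch(r"(\d+)\.(\d+)(?:\.(\d+))?(?:-(alpha|beta|rc)(\d+))?", v.strip().lower())
    if not m:
        raise ValueError(f"unrecognised version: {v!r}")
    major, minor, patch, stage, n = m.groups()
    return (int(major), int(minor), int(patch or 0), STAGE[stage], int(n or 0))

LOW, HIGH = version_key("2.0-beta9"), version_key("2.15.0")

def is_affected(version):
    """True if the version is in the range the article gives for CVE-2021-44228."""
    key = version_key(version)
    fixed_from = BACKPORT_MIN_PATCH.get(key[:2])
    if fixed_from is not None and key[2] >= fixed_from:
        return False
    return LOW <= key <= HIGH

def scan_pom(pom_xml):
    """Return [(version, verdict)] for each log4j-core dependency; verdict None = unresolved."""
    findings = []
    for dep in ET.fromstring(pom_xml).iterfind(".//m:dependency", NS):
        if (dep.findtext("m:groupId", "", NS) == "org.apache.logging.log4j"
                and dep.findtext("m:artifactId", "", NS) == "log4j-core"):
            version = dep.findtext("m:version", "", NS)
            try:
                verdict = is_affected(version)
            except ValueError:
                verdict = None  # e.g. "${log4j.version}" or a parent-managed version
            findings.append((version, verdict))
    return findings

# Constructed sample input, not taken from a real project.
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0"><dependencies>
  <dependency><groupId>org.apache.logging.log4j</groupId><artifactId>log4j-core</artifactId><version>2.14.1</version></dependency>
  <dependency><groupId>org.apache.logging.log4j</groupId><artifactId>log4j-api</artifactId><version>2.14.1</version></dependency>
</dependencies></project>"""

if __name__ == "__main__":
    print(scan_pom(SAMPLE_POM))
```

A verdict of `None` means the version could not be read from the POM itself and has to be resolved from properties or the parent POM before the dependency can be cleared.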