Tenable Research Release Highlights

Forum Discussion

ibelyna
4 years ago

Detection Plugins Released for Log4J CVE-2021-44228  

Summary

Tenable has developed and released detection plugins in response to a critical vulnerability reported in Log4j, a Java-based logging utility widely used in many applications, cloud services, and websites. The vulnerability is tracked as CVE-2021-44228 and CISA has issued an alert warning that the vulnerability is under active exploitation. Tenable has released scan templates for each of our Tenable products to consolidate CVE-2021-44228 plugins and make running scans for this vulnerability simple and straightforward for our customers. In addition, Tenable.io customers have a new dashboard and a dedicated widget on the Tenable.io main dashboard while Tenable.sc customers have a new dashboard. As new vendor-advisory-based plugins are developed, Tenable will include the plugins in the scan templates on a recurring basis.

Impact

Tenable customers now have detection plugins to provide initial identification of potentially vulnerable targets that use or contain the Log4j library. As vendor advisories are released for products that contain the Log4j library, Tenable will release plugins specific to each vendor advisory affected by CVE-2021-44228. 

Changes

6 NASL plugins for local and remote detection in Nessus, Tenable.sc and Tenable.io + Nessus Scan Template have been released and are available in the feed.

155998 - Apache Log4j Message Lookup Substitution RCE (Log4Shell) (Direct Check)

155999 - Apache Log4j < 2.15.0 Remote Code Execution

156000 - Apache Log4j Installed (Unix)

156001 - Apache Log4j JAR Detection (Windows)

156002 - Apache Log4j < 2.15.0 Remote Code Execution

Scan template - Detection of Apache Log4j CVE-2021-44228

***UPDATE 20:30 SAT 11 DEC 2021***

Direct Check Plugin 155998 has a known limitation when run on cloud scanners or across network firewalls. A 6th plugin has been added to the scan template:

156014 - Apache Log4Shell - CVE-2021-44228 [direct check DNS query] 

  • a direct check similar to PluginID: 155998 but designed to work on T.io cloud scanners and restrictive networks.

Target Release Date

Immediate

Tenable Research Release Highlights are posted in advance of significant new releases or updates to existing plugins or audit files that are important for early customer notification.

7 Replies

  • jayakrishnan_pr
    Connect Contributor

    Execute the command below from the /opt/nessus/sbin folder (for IO users):

    ./nessuscli fix --secure --delete feed_auto_last

  • Anonymous

    I DID force the update, NO LUCK. The scanner won't update

  • I have Tenable.sc. However, the template is not appearing in my policy section. I have updated the feeds and the plugins, but I still cannot see the template. Any idea how to fix it?