CVE-2021-44228
critical
Cisco
⚠️ CISA KEV — Exploited in the Wild
CVSS v3 Base Score
10.0
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
EPSS Score
94.4%
Exploitation probability in 30 days
Top 0% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Confidentiality
High
Integrity
High
Availability
High
⚠️ CISA Known Exploited Vulnerability
Added to KEV: 2021-12-10
Remediation Due: 2021-12-24 (⚠ 1602d overdue)
Ransomware Campaign: Known
Vulnerability Report
Generated by CyberWatcher
Description
Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.
CWE
CWE-20Affected Products
siemens 6bk1602-0aa12-0tp0 firmwaresiemens 6bk1602-0aa22-0tp0 firmwaresiemens 6bk1602-0aa32-0tp0 firmwaresiemens 6bk1602-0aa42-0tp0 firmwaresiemens 6bk1602-0aa52-0tp0 firmwareapache log4jsiemens sppa-t3000 ses3000 firmwaresiemens capitalsiemens comossiemens desigo cc advanced reports