15 Dec, 2021

Help with Log4j vulnerability detection

On December 10, a critical vulnerability was discovered in the Log4j component from the Apache Software Foundation, rated at a maximum of 10 on the CVSS scale.

Log4j is a Java-based logging package used by developers to log errors; the vulnerability itself, CVE-2021-44228, is also known as Log4Shell and LogJam. It is already known that the vulnerability affects a large amount of software, including some services of the largest tech companies such as Amazon, Apple, Cisco, Google, Microsoft, Steam and IBM. The Dutch Cybersecurity Center has created a regularly updated document on GitHub listing the affected applications.

With Total Network Inventory you can quickly build reports on software from the listed publishers found on your network for further analysis. We have also prepared a report with filters for publishers that are currently flagged in the document as vulnerable, patched, or of unknown status.

The table report template can be downloaded from here.

To import a template into TNI, open the context menu on the “Custom” category on the sidebar of the Table reports mode and select the Import item. 

However, since many applications use the vulnerable library, the list from GitHub is not always the best way to determine which devices or applications have been affected in your environment. Reddit participants have collected a lot of useful information on identifying and eliminating the vulnerability:
https://www.reddit.com/r/blueteamsec/comments/rd38z9/log4j_0day_being_exploited/
https://www.reddit.com/r/netsec/comments/rcwws9/rce_0day_exploit_found_in_log4j_a_popular_java/
https://www.reddit.com/r/msp/comments/rdba36/critical_rce_vulnerability_is_affecting_java/
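
Because a publisher list cannot show where the library itself is bundled, a file-level check complements the report. The following is an added example, not part of Total Network Inventory or the original article: it walks a directory tree, opens JAR/WAR/EAR archives (including nested ones) and reports each copy of log4j-core that still ships the JndiLookup class. The function names, the archive extensions and the three status labels (borrowed from the report filters above) are assumptions of this example.

```python
import io
import os
import re
import zipfile

# Class used by the JNDI lookup feature that CVE-2021-44228 abuses.
JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
ARCHIVE_EXT = (".jar", ".war", ".ear")
# First release that addressed CVE-2021-44228. Simplification: fixes shipped
# on older branches are not distinguished, so treat the status as a triage hint.
FIXED = (2, 15, 0)


def parse_version(text):
    """Return (major, minor, patch) from pom.properties text, or None."""
    m = re.search(r"^version=(\d+)\.(\d+)(?:\.(\d+))?", text, re.M)
    return tuple(int(g or 0) for g in m.groups()) if m else None


def scan_archive(fileobj, label, findings):
    """Record log4j-core copies in one archive, recursing into nested ones."""
    try:
        zf = zipfile.ZipFile(fileobj)
    except zipfile.BadZipFile:
        return  # not a real archive despite its extension
    with zf:
        names = set(zf.namelist())
        if JNDI_CLASS in names:
            version = None  # shaded or repackaged jars often lack pom.properties
            if POM_PROPS in names:
                version = parse_version(zf.read(POM_PROPS).decode("utf-8", "replace"))
            status = "unknown" if version is None else (
                "vulnerable" if version < FIXED else "patched")
            findings.append((label, version, status))
        for name in names:
            if name.lower().endswith(ARCHIVE_EXT):
                scan_archive(io.BytesIO(zf.read(name)), f"{label}!{name}", findings)


def scan_tree(root):
    """Return a list of (location, version, status) for every hit under root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for fn in files:
            if fn.lower().endswith(ARCHIVE_EXT):
                try:
                    with open(os.path.join(dirpath, fn), "rb") as fh:
                        scan_archive(fh, fh.name, findings)
                except OSError:
                    continue  # unreadable file: skip it and keep scanning
    return findings
```

Call `scan_tree()` on an application or install directory; entries reported as "unknown" contain the class but no version metadata and need manual review.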