Late last week, security researchers disclosed a critical, unauthenticated remote code execution (RCE) vulnerability in log4j2, a popular and widely used logging library for Java applications. CVE-2021-44228 scores the maximum 10.0 on the Common Vulnerability Scoring System (CVSS) because the exploit is trivial and the potential for damage is significant. Since Friday, the WatchGuard Security operations team has been sharing details about the vulnerability, along with any potential impact on WatchGuard products, on the Secplicity blog. We've also updated a Knowledge Base article with details.
IPS Signature Update
WatchGuard has released new IPS signatures to detect exploits of the vulnerability. Please make sure that all your WatchGuard appliances are configured to receive the latest IPS signature sets:
- Fireware v12.6.2 and higher: IPS v18.188
- Fireware v12.6.1 and lower: IPS v4.1232
Are WatchGuard products impacted?
The WatchGuard engineering team is doing a comprehensive review of all our products:
- Firebox, WatchGuard System Manager, and Dimension - Not affected
- WatchGuard EPDR and Panda AD360 - Not affected
Some product components in WatchGuard Cloud were running a vulnerable version of log4j2, but they use a version of the JVM that is not vulnerable to the common and trivial LDAP attack vector. We have updated these components out of an abundance of caution.
- AuthPoint - Updated
- Threat Detection and Response - Updated
- Wi-Fi Cloud - Updated