You may already be aware that a new vulnerability has been disclosed in Log4j2, the Java-based logging framework from Apache. To be clear, this vulnerability applies to anything that runs Apache Log4j2 2.14.1 or an earlier version.
Many security vendors, such as Fortinet, Cisco, Check Point and Palo Alto, are creating signatures to identify the attack based on a specific match and then block it. Some vendors are also patching their own operating systems and cloud-based services as they run the Apache process.
Fortinet devices – what should you do?
Whilst FortiOS is not impacted, Fortinet has created a patch so that, when traffic passes through its devices, they can assist with the mitigation using the intrusion prevention system (IPS) engine releases 19.215 and 19.217.
You should ensure that your Fortinet device has an active FortiGuard subscription (including IPS) and that an IPS profile which contains the new signature is applied to the inbound policies (Virtual IPs) that sit in front of Apache servers. If the device has capacity, you should also apply the IPS profile to the outbound rules for Apache servers.
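One way to check the recommendation above against a FortiGate configuration backup, as an added example rather than Advatek's or Fortinet's own tooling: the script lists accept policies whose destination is a Virtual IP (or VIP group) but which have no IPS sensor attached. The sample configuration and its object names are constructed, and the check assumes security profiles are set directly on the policy, not through a profile group.

```python
import re
# Constructed sample of a FortiGate configuration backup (names and IPs are made up).
SAMPLE_CONFIG = '''
config firewall vip
    edit "vip-apache-01"
        set extip 203.0.113.10
    next
end
config firewall policy
    edit 1
        set dstaddr "vip-apache-01"
        set action accept
        set utm-status enable
        set ips-sensor "ips-web-servers"
    next
    edit 2
        set dstaddr "vip-apache-01"
        set action accept
    next
    edit 3
        set dstaddr "all"
        set action accept
    next
end
'''

def parse_section(config, section):
    """Return {entry id: {setting: [values]}} for one top-level 'config <section>' block."""
    entries, current, depth = {}, None, 0
    for line in config.splitlines():
        words = [w.strip('"') for w in re.findall(r'"[^"]*"|\S+', line)]
        if not words:
            continue
        if depth == 0:  # outside the wanted block: wait for its header line
            depth = int(words[0] == "config" and " ".join(words[1:]) == section)
        elif words[0] in ("config", "end"):  # track nesting so nested 'set' lines are skipped
            depth += 1 if words[0] == "config" else -1
        elif depth == 1 and words[0] == "edit":
            current = entries.setdefault(words[1], {})
        elif depth == 1 and words[0] == "set" and current is not None:
            current[words[1]] = words[2:]
    return entries

def policies_missing_ips(config):
    """IDs of accept policies that target a VIP or VIP group without an IPS sensor applied."""
    vips = set(parse_section(config, "firewall vip")) | set(parse_section(config, "firewall vipgrp"))
    return [pid for pid, s in parse_section(config, "firewall policy").items()
            if vips & set(s.get("dstaddr", [])) and s.get("action") == ["accept"]
            and not (s.get("utm-status") == ["enable"] and s.get("ips-sensor"))]
```

Calling `policies_missing_ips()` on the text of a backup returns the policy IDs to review. It only confirms that a sensor is attached; whether that sensor contains the new signature still has to be checked on the device.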
What is Advatek doing?
Our engineering team are actively monitoring the situation and we will be updating our customers as new information emerges.
If you are a fully managed service customer, our service desk team will be in touch shortly to establish whether the patch is required.
If you do not have a support contract with us, then please contact the service desk for information on how we can help you.