fortiguard.fortinet.com
Open in
urlscan Pro
149.5.234.134
Public Scan
Submitted URL: http://www.fortinet.com/ids/VID51006
Effective URL: https://fortiguard.fortinet.com/encyclopedia/ips/51006
Submission: On May 22 via api from SE — Scanned from SE
Effective URL: https://fortiguard.fortinet.com/encyclopedia/ips/51006
Submission: On May 22 via api from SE — Scanned from SE
Form analysis 2 forms found in the DOM
GET /search
<form action="/search" method="get" class="form-check d-none ng-pristine ng-valid">
<span class="search_flat">
<label for="search_field_header" class="visually-hidden" id="label-search_field-header">Search</label>
<input id="search_field_header" type="text" class="search_field" placeholder="Search FortiGuard" name="q" required="required" autocomplete="off" aria-labelledby="label-search_field-header" value="">
<button type="submit" value=" " class="btn btn-sm" aria-label="Submit your search">
<img src="https://filestore.fortinet.com/fortiguard/static/images/icons_white/search.svg?v=26886" alt="search">
</button>
<div class="global_search-popup">
<fieldset>
<legend class="visually-hidden">Please select any available option</legend>
<div class="form-check search-popup-item">
<input type="radio" name="engine" id="all_home" class="form-check-input search-input-option" value="1" checked="checked" aria-checked="true">
<label class="form-check-label search-input-label" for="all_home"> Normal </label>
</div>
<div class="form-check search-popup-item">
<input type="radio" name="engine" id="exact_home" class="form-check-input search-input-option" value="2">
<label class="form-check-label search-input-label" for="exact_home"> Exact Match </label>
</div>
<div class="form-check search-popup-item">
<input type="radio" name="engine" id="cve_home" class="form-check-input search-input-option" value="3">
<label class="form-check-label search-input-label" for="cve_home"> CVE Lookup </label>
</div>
<div class="form-check search-popup-item">
<input type="radio" name="engine" id="threat_home" class="form-check-input search-input-option" value="4">
<label class="form-check-label search-input-label" for="threat_home"> ID Lookup </label>
</div>
<div class="form-check search-popup-item">
<input type="radio" name="engine" id="psirt_home" class="form-check-input search-input-option" value="6">
<label class="form-check-label search-input-label" for="psirt_home"> PSIRT Lookup </label>
</div>
<div class="form-check search-popup-item">
<input type="radio" name="engine" id="repms_home" class="form-check-input search-input-option" value="8">
<label class="form-check-label search-input-label" for="repms_home"> Antispam Lookup </label>
</div>
<div class="form-check search-popup-item">
<input type="radio" name="engine" id="outbreak-alert_home" class="form-check-input search-input-option" value="9">
<label class="form-check-label search-input-label" for="outbreak-alert_home"> Outbreak Alert Lookup </label>
</div>
<div class="form-check search-popup-item">
<input type="radio" name="engine" id="url_home" class="form-check-input search-input-option" value="7">
<label class="form-check-label search-input-label" for="url_home"> IP/Domain/URL Lookup </label>
</div>
</fieldset>
</div>
</span>
</form>GET /search
<form action="/search" method="get" class="mobile-search-form col-12 ng-pristine ng-valid">
<div class="input-group">
<select class="form-select" name="engine">
<option value="1"> Normal </option>
<option value="2"> Exact Match </option>
<option value="3"> CVE Lookup </option>
<option value="4"> ID Lookup </option>
<option value="6"> PSIRT Lookup </option>
<option value="8"> Antispam Lookup </option>
<option value="9"> Outbreak Alert Lookup </option>
<option value="7"> IP/Domain/URL Lookup </option>
</select>
<input id="search_field_header" type="text" class="form-control" placeholder="Search FortiGuard" name="q" required="required" autocomplete="off" aria-labelledby="label-search_field-header" value="">
<button class="btn btn-sm btn-outline-secondary" type="submit">
<img src="https://filestore.fortinet.com/fortiguard/static/images/icons_white/search.svg?v=26886" alt="search">
</button>
</div>
</form>Text Content
* Search
Please select any available option
Normal
Exact Match
CVE Lookup
ID Lookup
PSIRT Lookup
Antispam Lookup
Outbreak Alert Lookup
IP/Domain/URL Lookup
* News / Research
NEWS/RESEARCH
RESEARCH CENTER
PSIRT CENTER
Explore latest research and threat reports on emerging cyber threats.
* Outbreak Alerts
* Threat Signal
* Security Blog
Fortinet Product Security Incident Response Team (PSIRT) updates.
* Advisories
* Security Vulnerability Policy
* PSIRT Blog
* PSIRT Contact
* Services
SERVICES
BY OUTBREAK
BY SOLUTION
BY PRODUCT
PROTECT
Counter measures across the security fabric for protecting assets, data and
network.
* Anti-Recon and Anti-Exploit
* AntiSpam
* AntiVirus
* Application Control
* Anti-Botnet
* Endpoint Detection & Response
* Endpoint Vulnerability
* Operational Technology Security
* Intrusion Protection
* Sandbox Behavior Engine
* Web Application Security
* Web Filtering
* Inline-CASB Application Definitions
DETECT
Find and correlate important information to identify an outbreak.Find and
correlate
* Anti-Recon and Anti-Exploit
* Indicators of Compromise
* Outbreak Deception
* Outbreak Detection
* Security Automation
RESPOND
Develop containment techniques to mitigate impacts of security events.Develop
containment
* FortiClient Forensics
* FortiRecon: ACI
* FortiXDR
* Incident Response
RECOVER
Improve security posture and processes by implementing security awareness and
training.
* Assessment Services
* NSE Training
* Security Awareness Training
IDENTIFY
Identify processes and assets that need protection.Identify processes and
assets that
* CNP
* Endpoint Vulnerability
* FortiRecon: BP
* FortiRecon: EASM
* FortiTester
* IoT Detection
* Pen Testing
* Security Rating
* NETWORK SECURITY
* Anti-Recon and Anti-Exploit
* Anti-Botnet
* CNP
* Data Loss Prevention
* Indicators of Compromise
* Internet Services
* Intrusion Protection
* IP Geolocation
* Secure DNS
* Inline-CASB Application Definitions
* ENDPOINT SECURITY
* ANN and NDR
* AntiVirus
* Endpoint Detection & Response
* Endpoint Vulnerability
* IoT Detection
* Sandbox Behavior Engine
* FortiClient Outbreak Detection
* APPLICATION SECURITY
* AntiSpam
* Application Control
* Credential Stuffing Defense
* Client Application Firewall
* Operational Technology Security
* Web Application Security
* Web Filtering
* SECURITY OPERATIONS
* Breach Attack Simulation
* FortiDevSec
* FortiSIEM Outbreak Detection Service
* Outbreak Detection
* Outbreak Deception
* Pen Testing
* Security Rating
* FortiGate
* FortiAnalyzer
* FortiClient
* FortiWeb
* FortiADC
* FortiAuthenticator
* FortiCNP
* FortiDDoS
* FortiDeceptor
* FortiEDR
* empty
* FortiMail
* FortiNDR
* FortiPAM
* FortiPolicy
* FortiProxy
* FortiRecon
* FortiSandBox
* FortiSASE
* FortiSIEM
* FortiTester
* empty
* AntiVirus
* Application Control
* Anti-Botnet
* Operational Technology Security
* Intrusion Protection
* IoT Detection
* IP Geolocation
* Secure DNS
* Security Rating
* Web Filtering
* Inline-CASB Application Definitions
* Indicators of Compromise
* Outbreak Detection
* Security Automation
* Anti-Recon and Anti-Exploit
* AntiVirus
* Application Firewall
* Anti-Botnet
* Credential Stuffing Defense
* Endpoint Vulnerability
* Intrusion Protection
* Web Filtering
* Outbreak Detection
* AntiVirus
* Application Control
* Anti-Botnet
* Credential Stuffing Defense
* IP Geolocation
* Web Application Security
* Fuzzy Webshell
* AntiVirus
* Anti-Botnet
* Credential Stuffing Defense
* Intrusion Protection
* IP Geolocation
* Web Application Security
* Web Filtering
* IP Geolocation
* Anti-Botnet
* Data Loss Prevention
* IP Geolocation
* Vulnerability
* Anti-Botnet
* Anti-Recon and Anti-Exploit
* AntiVirus
* Intrusion Protection
* Outbreak Deception
* AntiVirus
* EndPoint Detection and Response
* Endpoint Vulnerability
* Indicators of Compromise
* Web Filtering
* AntiSpam
* AntiVirus
* Web Filtering
* Network Detection and Response
* AntiVirus
* Data Loss Prevention
* Anti-Botnet
* Application Control
* Anti-Botnet
* Application Control
* Industrial Security
* Digital Risk Protection
* AntiVirus
* Intrusion Protection
* Sandbox Behavior Engine
* Web Filtering
* AntiVirus
* Application Control
* Anti-Botnet
* Data Loss Prevention
* Endpoint Vulnerability
* Intrusion Protection
* Secure DNS
* Web Filtering
* Indicators of Compromise
* IP Geolocation
* Outbreak Detection
* Breach Attack Simulation
* Threat Intelligence
THREAT INTELLIGENCE
CENTER
Browse the FortiGuard Labs extensive encyclopedia and Threat Analytics.
* Threat Encyclopedia
* Threat Analytics
* Threat Map
* Application Control Lookup
* Web Filtering Lookup
* Resources
RESOURCE CENTER
Learn about service status, publications and other available resources.
* MITRE ATT&CK Matrix
* Publications
* Security Best Practices
* FortiGuard Sample Files
* About
ABOUT
FORTIGUARD LABS
PARTNERS
AI-Powered Threat Intelligence for an Evolving Digital World.
* Premium Services
* Contact Us
* RSS Feeds
Leveraging cyber security industry partner relationships.
* Cyber Threat Alliance
* MITRE Engenuity
*
* News / Research
* Outbreak Alerts
* Threat Signal
* Security Blog
* Advisories
* Security Vulnerability Policy
* PSIRT Blog
* PSIRT Contact
* Services
* Anti-Botnet
* Anti-Recon and Anti-Exploit
* Anti-Recon and Anti-Exploit
* AntiSpam
* AntiVirus
* Application Control
* Assessment Services
* CNP
* Endpoint Detection & Response
* Endpoint Vulnerability
* Endpoint Vulnerability
* FortiClient Forensics
* FortiRecon: ACI
* FortiRecon: BP
* FortiRecon: EASM
* FortiTester
* FortiXDR
* Incident Response
* Indicators of Compromise
* Inline-CASB Application Definitions
* Intrusion Protection
* IoT Detection
* NSE Training
* Operational Technology Security
* Outbreak Deception
* Outbreak Detection
* Pen Testing
* Sandbox Behavior Engine
* Security Automation
* Security Awareness Training
* Security Rating
* Web Application Security
* Web Filtering
* Threat Lookup
* Threat Encyclopedia
* Threat Analytics
* Threat Map
* Application Control Lookup
* Web Filtering Lookup
* Resources
* MITRE ATT&CK Matrix
* Publications
* Security Best Practices
* FortiGuard Sample Files
* About
* Premium Services
* Contact Us
* RSS Feeds
* Cyber Threat Alliance
* MITRE Engenuity
* FORTINET
Normal Exact Match CVE Lookup ID Lookup PSIRT Lookup Antispam Lookup Outbreak
Alert Lookup IP/Domain/URL Lookup
INTRUSION PREVENTION
APACHE.LOG4J.ERROR.LOG.REMOTE.CODE.EXECUTION
DESCRIPTION
This indicates an attack attempt to exploit a Remote Code Execution
Vulnerability in Apache Log4j.
The vulnerability is due to insufficient sanitizing of user supplied inputs in
the application. A remote attacker may be able to exploit this to execute
arbitrary code within the context of the application.
OUTBREAK ALERT
A 0-day exploit was discovered on a popular Java library Log4j2 that can result
to a Remote Code Execution (RCE). This is a widely deployed library, and while
systems protected by Fortinet Security Fabric are secured by the protections
below, all systems need to upgrade ASAP as this is 10.0 severity. Due to the
high visibility and attention, subsequent vulnerabilities have since emerged
View the full Outbreak Alert Report
Joint Cybersecurity Advisory (CSA) has released the top Common Vulnerabilities
and Exposures (CVEs) used since 2020 by Peoples Republic of China (PRC)
state-sponsored cyber actors as assessed by the National Security Agency (NSA),
Cybersecurity and Infrastructure Security Agency (CISA), and Federal Bureau of
Investigation (FBI). Previously, FortiGuard labs has already published various
Outbreaks Alerts included in the released CISA's advisory such as: Apache Log4j,
Hikvision Webserver Vulnerability, Atlassian Confluence OGNL RCE Vulnerability,
Microsoft Exchange Server RCE Vulnerabilities etc. See the full list at:
https://www.fortiguard.com/outbreak-alert Links to dedicated reports on each
published outbreak by FortiGuard Labs are added to Additional Resources section
below.
View the full Outbreak Alert Report
In the year 2022, FortiGuard IPS and FortiGuard AV/Sandbox blocked three
trillion and six trillion hits respectively from vulnerabilities, malware and
0-day attacks. Those encompassed several thousand varieties of Remote Code
Execution, Cross-Site Scripting, Elevation of Privilege, Denial of Service,
Trojans, Exploits. FortiGuard Labs alerted customers with numerous critical
threats throughout the year based on factors such as proof-of-concept, attack
vectors, impact, ease of attack, dependencies, and more. This annual report
covers:>
View the full Outbreak Alert Report
A new campaign conducted by the Lazarus Group is seen employing new DLang-based
Remote Access Trojans (RATs) malware in the wild. The APT groups has been seen
to target manufacturing, agricultural and physical security companies by
exploiting the Log4j vulnerability and using it for initial access leading to a
C2 (command and control) channel with the attacker.
View the full Outbreak Alert Report
AFFECTED PRODUCTS
Apache Log4j before version 2.16
Apache Log4j version 1.2
IMPACT
System Compromise: Remote attacker can gain control of vulnerable systems.
RECOMMENDED ACTIONS
Apply the most recent upgrade or patch from the vendor
https://logging.apache.org/log4j/2.x/security.html
TELEMETRY
COVERAGE
IPS (Regular DB) IPS (Extended DB)
VERSION UPDATES
Date Version Detail 2022-09-29 22.404 Sig Added 2022-08-24 21.380 Sig Added
2022-06-21 21.342 Sig Added 2022-06-15 21.339 Sig Added 2022-06-13 21.337 Sig
Added 2022-06-04 21.331 Sig Added 2022-05-18 20.318 Sig Added 2022-05-04 20.309
Sig Added 2022-05-02 20.307 Sig Added 2022-04-19 20.300 Sig Added
ID 51006 Created Dec 10, 2021 Updated Apr 17, 2023 Outbreak Alert Log4j2
Vulnerability CISAtop20_PRC2022 2022 Annual Report Lazarus RAT Attack Threat
Signal View Report Risk CVE ID CVE-2021-4104 CVE-2021-45046 CVE-2021-44228 Known
Exploited Yes Exploit Prediction Score 97.56% Default Action drop Active
Affected OS All Affected App Apache
* Contact Us
* Legal
* Privacy
* Partners
* Feedback
*
*
*
*
*
Copyright © 2024 Fortinet, Inc. All Rights Reserved.
This site uses cookies. Some are essential to the operation of the site; others
help us improve the user experience. By continuing to use the site, you consent
to the use of these cookies. To learn more about cookies, please read our
privacy policy.
Accept