SonicWALL Firewalls will work against Apache Log4j2 Remote Code Execution CVE-2021-44228?
May I know the SonicWALL firewalls will work against the latest Apache vulnerability? Apache Log4j2 Remote Code Execution CVE-2021-44228.
Is there any mitigation steps/plan from SonicWALL for this vulnerability?
""On Dec. 9, 2021, a remote code execution (RCE) vulnerability in Apache log4j 2 was identified being exploited in the wild. Public proof of concept (PoC) code was released, and subsequent investigation revealed that exploitation was incredibly easy to perform. By submitting a specially crafted request to a vulnerable system, depending on how the system is configured, an attacker is able to instruct that system to download and subsequently execute a malicious payload. Due to the discovery of this exploit being so recent, there are still many servers, both on-premises and within cloud environments, that have yet to be patched. Like many high severity RCE exploits, thus far, massive scanning activity for CVE-2021-44228 has begun on the internet with the intent of seeking out and exploiting unpatched systems. We highly recommend that organizations upgrade to the latest version (2.15.0-rc2) of Apache log4j 2 for all systems.""