Security Notice: Apache Log4j Remote Code Execution (RCE) Log4shell Vulnerability (CVE-2021-44228)
Apache Log4j project disclosed CVE-2021-44228, which is a Critical (CVSS 10.0) remote code execution vulnerability affecting Apache Log4j2 version<= 2.14.1. A subsequent security patch was released on Dec 10, 2021.
SonicWall has observed widespread scanning and exploitation of this vulnerability over the internet using a publicly available PoC (Proof of Concept) exploit. SonicWall is currently investigating its product line to scope and impact, as utilization of Log4j does not immediately suggest exploitation is possible.
Please see the following resources to learn more:
@micah - SonicWall's Self-Service Sr. Manager