topic Re: nessus flags log4j on Identity awareness servers in Firewall and Security Management

nessus flags log4j on Identity awareness servers

Daniel_Kavan — Tue, 23 Aug 2022 20:29:43 GMT

Hi all, we are seeing nessus flag our identity awareness server running IDC.

  Path              : C:\Program Files (x86)\CheckPoint\Identity Collector\ISE-Extension-shade.jar
  Installed version : 1.2.15

I responsed that we are on the latest build We're running 81.035.0000

and attached Check Point's response to Apache Log4j Remote Code Execution

Re: nessus flags log4j on Identity awareness servers

Chris_Atkinson — Tue, 13 Dec 2022 03:24:17 GMT

How is Nessus making it's determination and have you raised it for investigation with TAC?

@Royi_Priov

Re: nessus flags log4j on Identity awareness servers

stallwoodj — Mon, 11 Sep 2023 10:43:27 GMT

Hi, our customer's Nessus is also seeing this alert, it appears to detected this when given credentials to access the C$ share.

I'm going to raise an SR and will report back.

Thanks

Jamie

Re: nessus flags log4j on Identity awareness servers

Chris_Atkinson — Mon, 11 Sep 2023 11:58:46 GMT

IDC was previously analysed and isn't vulnerable.

Are you currently running the latest IDC version per: sk134312?

Re: nessus flags log4j on Identity awareness servers

stallwoodj — Mon, 11 Sep 2023 11:09:09 GMT

Hi Chris,

Yes, we installed Collector version 81.40 dated Sep-2022.

Re: nessus flags log4j on Identity awareness servers

stallwoodj — Mon, 11 Sep 2023 15:03:14 GMT

Just waiting for confirmation from TAC, as it's not a product listed as unaffected as per sk176865.

Re: nessus flags log4j on Identity awareness servers

Chris_Atkinson — Mon, 11 Sep 2023 15:27:56 GMT

It's deemed part of Quantum and unaffected to my knowledge.

Do you use the Cisco ISE integration?

Re: nessus flags log4j on Identity awareness servers

stallwoodj — Mon, 11 Sep 2023 16:25:23 GMT

Hi Chris,

No we don't, only LDAPS to on-prem AD. Hopefully it's safe to remove ISE-Extension-shade.jar

Thanks

Jamie

Re: nessus flags log4j on Identity awareness servers

stallwoodj — Wed, 13 Sep 2023 14:56:00 GMT

TAC confirmed that the Identity Collector for Windows (81.040) is unaffected.

In any case, if you aren't using ISE then the JAR can be removed without the service failing from my testing.

Thanks

Jamie

Re: nessus flags log4j on Identity awareness servers

Chris_Atkinson — Wed, 13 Sep 2023 15:19:18 GMT

FWIW Avoiding the scan result in this manner shouldn't be necessary with the next IDC client release.

Re: nessus flags log4j on Identity awareness servers

EY — Thu, 21 Sep 2023 17:59:17 GMT

Any idea when that next IDC client release might be? This has been an issue for over a year now.

Re: nessus flags log4j on Identity awareness servers

PhoneBoy — Thu, 21 Sep 2023 20:07:00 GMT

In the coming weeks. @Royi_Priov

Re: nessus flags log4j on Identity awareness servers

Chris_Atkinson — Fri, 08 Dec 2023 01:04:21 GMT

R81.069.0000 is now available per sk134312