Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Daniel_Kavan
Advisor
Jump to solution

nessus flags log4j on Identity awareness servers

Hi all, we are seeing nessus flag our identity awareness server running IDC.

 

  Path              : C:\Program Files (x86)\CheckPoint\Identity Collector\ISE-Extension-shade.jar
  Installed version : 1.2.15

I responsed that we are on the latest  build We're running 81.035.0000

and attached Check Point's response to Apache Log4j Remote Code Execution

 

 

 

 

0 Kudos
1 Solution

Accepted Solutions
Chris_Atkinson
Employee Employee
Employee

It's deemed part of Quantum and unaffected to my knowledge.

Do you use the Cisco ISE integration?

CCSM R77/R80/ELITE

View solution in original post

0 Kudos
12 Replies
Chris_Atkinson
Employee Employee
Employee

How is Nessus making it's determination and have you raised it for investigation with TAC?

@Royi_Priov 

CCSM R77/R80/ELITE
0 Kudos
stallwoodj
Collaborator

Hi, our customer's Nessus is also seeing this alert, it appears to detected this when given credentials to access the C$ share.

I'm going to raise an SR and will report back.

 

Thanks

Jamie

0 Kudos
Chris_Atkinson
Employee Employee
Employee

IDC was previously analysed and isn't vulnerable.

Are you currently running the latest IDC version per: sk134312?

CCSM R77/R80/ELITE
0 Kudos
stallwoodj
Collaborator

Hi Chris,

Yes, we installed Collector version 81.40 dated Sep-2022. 

0 Kudos
stallwoodj
Collaborator

Just waiting for confirmation from TAC, as it's not a product listed as unaffected as per sk176865.

0 Kudos
Chris_Atkinson
Employee Employee
Employee

It's deemed part of Quantum and unaffected to my knowledge.

Do you use the Cisco ISE integration?

CCSM R77/R80/ELITE
0 Kudos
stallwoodj
Collaborator

Hi Chris,

No we don't, only LDAPS to on-prem AD. Hopefully it's safe to remove ISE-Extension-shade.jar

 

Thanks

Jamie

0 Kudos
stallwoodj
Collaborator

TAC confirmed that the Identity Collector for Windows (81.040) is unaffected.

In any case, if you aren't using ISE then the JAR can be removed without the service failing from my testing.

Thanks

Jamie

0 Kudos
Chris_Atkinson
Employee Employee
Employee

FWIW Avoiding the scan result in this manner shouldn't be necessary with the next IDC client release.

CCSM R77/R80/ELITE
0 Kudos
EY
Participant

Any idea when that next IDC client release might be?  This has been an issue for over a year now.

0 Kudos
PhoneBoy
Admin
Admin

In the coming weeks. @Royi_Priov 

0 Kudos
Chris_Atkinson
Employee Employee
Employee

R81.069.0000 is now available per sk134312

CCSM R77/R80/ELITE

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events