The Apache Log4j exploit is a nasty one: it allows a hacker to essentially gain full control of a system. Of course, the hacker needs network access to your server, either via ports open to the internet or from within the network.
This exploit is well documented on the NIST website under the following CVE numbers:
While there are a huge number of vendors affected (see this link to search for affected vendors), this post concentrates only on VMware vCenter Server and the workaround that protects you from the Apache Log4j exploit.
As soon as you land on the https://customerconnect.vmware.com website, you cannot miss the big red advisory at the top of the page regarding the Apache Log4j vulnerability.
Clicking on the advisory link takes you to a list of VMware products that contain the Apache Log4j component, showing whether each product has a patch available or whether you need to perform a workaround.
This post and the video below concentrate only on the workaround for VMware vCenter Server Appliance. As of today’s date, there is only a workaround available for VMware vCenter Server, and as you can see in the table above, VMware are working on a patch.
The steps involved to perform the Apache Log4j workaround include:
- Taking a snapshot of the VMware vCenter Server
- Downloading the script file
- Uploading the script file to the VMware vCenter Server
- Executing the Python script, which will remove all vulnerable files
- Executing the Python script again to check that the vulnerable files have been removed
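An independent cross-check for the last step, added here as an example and not VMware's script: it assumes the state to verify is that Log4j's `JndiLookup` class is absent from every Java archive, and it scans a directory tree including archives nested inside other archives. The sample tree and all function names are constructed for the example.

```python
import io
import tempfile
import zipfile
from pathlib import Path

# Assumption: an archive that still holds this log4j-core class counts as unmitigated.
JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
ARCHIVE_EXTS = (".jar", ".war", ".ear", ".zip")

def scan_archive(data, label, depth=0, max_depth=4):
    """Return labels of archives (nested ones included) that still contain JNDI_CLASS."""
    hits = []
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for name in zf.namelist():
                if name == JNDI_CLASS:
                    hits.append(label)
                elif name.lower().endswith(ARCHIVE_EXTS) and depth < max_depth:
                    hits += scan_archive(zf.read(name), f"{label}!{name}", depth + 1, max_depth)
    except zipfile.BadZipFile:
        pass  # unreadable archive: skipped here, worth logging in real use
    return hits

def scan_tree(root):
    """Scan every archive under root; labels are paths relative to root."""
    hits = []
    for p in sorted(Path(root).rglob("*")):
        if p.is_file() and p.suffix.lower() in ARCHIVE_EXTS:
            hits += scan_archive(p.read_bytes(), str(p.relative_to(root)))
    return hits

def make_jar(entries):  # constructed-sample helper: {name: bytes} -> archive bytes
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()

def demo():
    """Constructed tree: a clean jar, an unmitigated jar, and a war wrapping an unmitigated jar."""
    vuln = make_jar({JNDI_CLASS: b"constructed placeholder"})
    with tempfile.TemporaryDirectory() as root:
        Path(root, "clean.jar").write_bytes(make_jar({"a/B.class": b"x"}))
        Path(root, "core.jar").write_bytes(vuln)
        Path(root, "app.war").write_bytes(make_jar({"WEB-INF/lib/core.jar": vuln}))
        return scan_tree(root)

if __name__ == "__main__":
    print(demo())
```

An empty list from `scan_tree` means no archive under the given root still carries the class; any entry of the form `outer!inner` points at an archive packed inside another one.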
VMware vCenter Server Apache Log4j Workaround Walkthrough
I’ve created the following video so you can watch step by step how to perform the above, especially if you are not familiar with the VMware vCenter Server CLI or running Python scripts.
Once a patch is available for VMware vCenter Server, I will create a new post and, if necessary, a new video.