Check Point's response to Apache Log4j Remote Code Execution

Support Center > Search Results > SecureKnowledge Details

Technical Level

Solution ID	sk176865
Technical Level
Severity	Info
Product	Quantum Security Gateways, Quantum Security Management, Infinity Portal, Harmony Endpoint, Harmony Mobile, Harmony Connect, Quantum Spark Appliances, Infinity ThreatCloud, CloudGuard Posture Management
Version	R80.40, R81, R81.10, R81.20
Date Created	10-Dec-2021
Last Modified	22-Dec-2022

Solution

On December 10, 2021, a proof of concept of a vulnerability in the Apache Log4j Java library CVE-2021-44228 was published.
The vulnerability may allow unauthenticated threat actors to obtain remote code execution. The severity of the vulnerability was deemed critical.

The Check Point Infinity architecture is protected against this threat. We verified that this vulnerability does not affect our Infinity portfolio (including Quantum Gateways, SMART Management, Harmony Endpoint, Harmony Mobile, SMB, ThreatCloud and CloudGuard). We will continue to update you on any new development of this significant security event.

In addition - all of Check Point's products are covered against:

CVE-2021-44228 – Remote code execution is not possible due to Check Point’s hardened Java environment.
CVE-2021-45046 – The vulnerable patterns are not used by Check Point.
CVE-2021-4104 – JSMAppender is not used by Check Point.
CVE-2021-45105 – The vulnerable patterns are not used by Check Point.
CVE-2021-44832 – The logging configuration file is accessible to the authenticated Expert user only.

Check Point Products Status

Product	Status
Quantum Security Gateway	Not vulnerable
Quantum Security Management	Not vulnerable
CloudGuard	Not vulnerable
Infinity Portal	Not vulnerable
Harmony Endpoint & Harmony Mobile	Not vulnerable
Harmony Connect	Not vulnerable
SMB	Not vulnerable
ThreatCloud	Not vulnerable

Notes:
- All Check Point's software versions including out of support versions are not vulnerable
- All appliances are not vulnerable.

Visit the Check Point blog for additional information: Protecting against CVE-2021-44228 (Apache Log4j2 versions 2.14.1)

IPS Protection

Check Point released an Apache Log4j Remote Code Execution (CVE-2021-44228) IPS protection with this Threat Prevention coverage against the Apache Log4j vulnerability.
For more information on how to verify if your setup already contains the fix and to update the IPS profile with the latest protection, see sk176884.

Check Point recommends activating HTTPS Inspection (in the Security Gateway properties -> HTTPS Inspection view), as the attack payload may appear in encrypted or decrypted traffic.

Additionally, Apache provides a Log4j patch to mitigate this vulnerability. Users may update their version accordingly. For Apache's remediation options, visit (CVE-2021-44228).

Related solutions:

Give us Feedback

Please rate this document

[1=Worst,5=Best]

Comment
	Submitting rating