Check Point's response to Apache Log4j Remote Code Execution
Solution

On December 10, 2021, a proof of concept for a vulnerability in the Apache Log4j Java library (CVE-2021-44228) was published.
The vulnerability may allow unauthenticated threat actors to obtain remote code execution. The severity of the vulnerability was deemed critical.


The Check Point Infinity architecture is protected against this threat. We verified that this vulnerability does not affect our Infinity portfolio (including Quantum Gateways, SMART Management, Harmony Endpoint, Harmony Mobile, SMB, ThreatCloud and CloudGuard). We will continue to update you on any new development of this significant security event.

In addition, all of Check Point's products are covered against:
  • CVE-2021-44228 – Remote code execution is not possible due to Check Point’s hardened Java environment.
  • CVE-2021-45046 – The vulnerable patterns are not used by Check Point.
  • CVE-2021-4104 – JMSAppender is not used by Check Point.
  • CVE-2021-45105 – The vulnerable patterns are not used by Check Point.
  • CVE-2021-44832 – The logging configuration file is accessible to the authenticated Expert user only.
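
The same reasoning can be applied to your own Java applications by checking their Log4j configuration for the non-default features these CVEs depend on. The following is an added example, not Check Point code: the rule list follows the Apache advisories, `audit_config` and the sample configurations are constructed for illustration, and CVE-2021-44228 is not covered because it does not depend on a configuration option.

```python
import re

# Configuration features the listed CVEs depend on (per the Apache advisories).
# Rule wording and the audit_config() name are this example's own.
RULES = [
    (("CVE-2021-4104",), "Log4j 1.x JMSAppender configured",
     re.compile(r"org\.apache\.log4j\.net\.JMSAppender")),
    (("CVE-2021-45046", "CVE-2021-45105"), "Context Lookup ${ctx:...} in layout",
     re.compile(r"\$\{ctx:")),
    (("CVE-2021-45046",), "Thread Context Map pattern (%X, %mdc, %MDC)",
     re.compile(r"%(?:X|mdc|MDC)(?![A-Za-z])")),
    (("CVE-2021-44832",), "JDBC Appender data source resolved through JNDI",
     re.compile(r"jndiName\s*=", re.IGNORECASE)),
]

def audit_config(text):
    """Return (line_number, cve_ids, description) for each flagged construct."""
    findings = []
    for number, line in enumerate(text.splitlines(), start=1):
        if line.lstrip().startswith(("#", "<!--")):  # skip comment lines
            continue
        for cves, description, pattern in RULES:
            if pattern.search(line):
                findings.append((number, cves, description))
    return findings

# Constructed sample inputs (not taken from any real product).
SAMPLE_LOG4J2_XML = """\
<Configuration>
  <Appenders>
    <Console name="out">
      <PatternLayout pattern="%d %p $${ctx:loginId} %X{session} %m%n"/>
    </Console>
    <JDBC name="db" tableName="app_log">
      <DataSource jndiName="java:/comp/env/jdbc/LogDb"/>
    </JDBC>
  </Appenders>
</Configuration>
"""
SAMPLE_LOG4J1_PROPERTIES = """\
# log4j.appender.old=org.apache.log4j.net.JMSAppender
log4j.appender.jms=org.apache.log4j.net.JMSAppender
log4j.appender.file.layout.ConversionPattern=%d %-5p %c - %m%n
"""
SAMPLE_CLEAN = '<PatternLayout pattern="%d{ISO8601} %-5p [%t] %c{1} - %m%n"/>'

if __name__ == "__main__":
    for name in ("SAMPLE_LOG4J2_XML", "SAMPLE_LOG4J1_PROPERTIES", "SAMPLE_CLEAN"):
        print(name, audit_config(globals()[name]))
```

A finding marks a line for review, not a confirmed vulnerability; whether it is exploitable also depends on the Log4j version in use.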

Check Point Products Status

Product | Status
Quantum Security Gateway | Not vulnerable
Quantum Security Management | Not vulnerable
CloudGuard | Not vulnerable
Infinity Portal | Not vulnerable
Harmony Endpoint & Harmony Mobile | Not vulnerable
Harmony Connect | Not vulnerable
SMB | Not vulnerable
ThreatCloud | Not vulnerable

Notes:
- All Check Point software versions, including out-of-support versions, are not vulnerable.
- All appliances are not vulnerable.

Visit the Check Point blog for additional information: Protecting against CVE-2021-44228 (Apache Log4j2 versions 2.14.1)


IPS Protection

Check Point released the IPS protection "Apache Log4j Remote Code Execution (CVE-2021-44228)", which provides Threat Prevention coverage against the Apache Log4j vulnerability.
For more information on how to verify if your setup already contains the fix and to update the IPS profile with the latest protection, see sk176884.

Check Point recommends activating HTTPS Inspection (in the Security Gateway properties -> HTTPS Inspection view), as the attack payload may appear in encrypted or decrypted traffic.

Additionally, Apache provides a Log4j patch to mitigate this vulnerability. Users may update their version accordingly. For Apache's remediation options, visit (CVE-2021-44228).

