What is Log4j?
The Log4j vulnerability allows malicious attackers to execute code remotely on any targeted computer, the Apache Software Foundation disclosed a security vulnerability in a widely-used Java software library called Log4j.
What is the impact on Prime?
Cisco Prime infrastructure uses Log4j Java logging library and impact is all Log4j2 versions earlier than 2.15.0.
How do we solve the problem?
Apache has released a new update for Log4j . Cisco Prime infrastructure also provides the security vulnerability patch to mitigate this vulnerability.
Cisco Prime infrastructure vulnerability patch:
Prime patches available based on your prime server versions. (Download it from cisco cco site)
- PI_3_10_Update_-1-1.0.4.ubf
- PI_3_8_1_Update_02-1.0.4.ubf
- PI_3_9_1_Update_01-1.0.3.ubf
Note: Please check prime infrastructure base version and corresponding security patch version.
Upgrade steps including pre-requisites:
Pre-requisites: Before applying the security patch, you need to have base version of Prime infrastructure running application to continue with the patch installation.
Steps to install Patch-
- copy the corresponding patch to your local machine (or) on your prime default repro
- Login to prime Webui server using root user
- Go to administration —>Software updates —>Upload the UBF.
- Upload the PI_3_9_1_Update_01-1.0.3.ubf (this is for 3.9, use respective ubf based on your prime server) UBF file and click “Install” button, once installed prime server restarted automatically.
Below reference link for more information about log4j details,
https://wwwin.cisco.com/c/cec/news/global-employee-headlines/log4j-security-vulnerability-our-ongoing-response.html
https://blog.talosintelligence.com/2021/12/apache-log4j-rce-vulnerability.html
https://tools.cisco.com/security/center/resources/security_vulnerability_policy.html#cpsir
CVE reference:
zero-day vulnerability (CVE-2021-44228)
Author: Sridharan Krishnachetty (sridhkri)
