Serious Vulnerabilities Discovered in AWS’s Log4Shell Patches

21
Serious Vulnerabilities Discovered in AWS__39;s Log4Shell Patches

According to Palo Alto Networks, hot fixes released by Amazon Web Services (AWS) in response to recent Log4j vulnerabilities might be used for privilege escalation or container escape.

The Log4Shell vulnerability in Apache Log4j, which was revealed in December 2021, allows attackers to remotely execute arbitrary code and take control of susceptible computers. AWS responded by releasing a series of patches – each tailored to a specific environment, such as servers, Kubernetes, Elastic Container Service (ECS), and Fargate.

The patches would search down and repair vulnerable apps and containers on the fly. CVE-2021-3100, CVE-2021-3101, CVE-2022-0070, and CVE-2022-0071 are the four vulnerabilities found.

Read More: https://www.securityweek.com/serious-vulnerabilities-found-awss-log4shell-hot-patches