INSZoom Log4j Vulnerability Remediation
INSZoom On Premise Updates (ACTION REQUIRED BY CUSTOMER)
INSZoom: The core INSZoom application is not affected by the Log4j vulnerabilities CVE-2021-44228 and CVE-2021-45046.
Integrations:
Cisco DUO: Cisco DUO in hosted INSZoom is consumed via API calls to Cisco's DUO cloud service; no DUO component runs inside the INSZoom deployment. Log4j information for the Duo Security cloud offering is located here.
Elasticsearch: Elasticsearch 6 and 7 are not susceptible to remote code execution through this vulnerability because Elasticsearch runs under the Java Security Manager, which blocks the JNDI lookup from loading remote classes.
However, the Security Manager only blocks the exploit path; the vulnerable lookup code is still present in the bundled log4j-core jar. Since further Log4j JNDI vulnerabilities have been disclosed after CVE-2021-44228 (CVE-2021-45046 among them), best practice is to remove the JndiLookup class from the jar wherever possible rather than rely on a mitigation around it.
To remove the Log4j JNDI lookup class from Elasticsearch:
· Navigate to the in-use Elasticsearch directory <ELASTICSEARCH DIRECTORY>\elasticsearch-*\lib
· Locate the log4j-core*.jar file
· Make a backup of the log4j-core*.jar file and store it in a secure location.
· Stop all Elasticsearch services on the node.
· Open the log4j-core*.jar file with a ZIP archive utility such as 7-Zip (a jar is a ZIP archive).
· Inside the jar, delete the class at org/apache/logging/log4j/core/lookup/JndiLookup.class
· Close the archive utility so the modified jar is written out.
· Re-open the log4j-core*.jar file with a ZIP archive utility such as 7-Zip or WinZip and validate that JndiLookup.class is no longer present in the jar.
· After confirming that the vulnerable class is removed, start all Elasticsearch services.
· Repeat this process on every Elasticsearch node, and again after any Elasticsearch upgrade that replaces the log4j-core jar.
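The same procedure as a script, added here as an example (it is not INSZoom's or Elastic's tooling): it finds every log4j-core*.jar in an Elasticsearch lib directory, backs each one up, rewrites the archive without JndiLookup.class, and validates the result before returning. Python is used because a jar is an ordinary ZIP archive and the same script runs on Windows and Linux nodes. It assumes the Elasticsearch services are already stopped; the jar name log4j-core-2.x.jar and the class bytes in the sample are constructed for the demonstration.

```python
"""Strip JndiLookup.class from every log4j-core*.jar in an Elasticsearch lib directory.

Added example, not INSZoom's or Elastic's tooling. Assumes a jar is a plain ZIP
archive (true for every jar) and that all Elasticsearch services on the node are
already stopped. Usage:  python strip_jndi.py <ELASTICSEARCH DIRECTORY>/lib <backup dir>
"""
import glob
import os
import shutil
import tempfile
import zipfile

# Location of the class inside the jar; the same for every log4j-core 2.x build
# that ships the JNDI lookup.
JNDI_LOOKUP_ENTRY = "org/apache/logging/log4j/core/lookup/JndiLookup.class"


def find_log4j_core_jars(lib_dir):
    """Every log4j-core*.jar directly under lib_dir (the Elasticsearch lib folder)."""
    return sorted(glob.glob(os.path.join(lib_dir, "log4j-core*.jar")))


def entry_names(jar_path):
    """Sorted list of entries in the archive; used for the before/after check."""
    with zipfile.ZipFile(jar_path) as jar:
        return sorted(jar.namelist())


def has_jndi_lookup(jar_path):
    """True if the jar still contains JndiLookup.class."""
    return JNDI_LOOKUP_ENTRY in entry_names(jar_path)


def remove_jndi_lookup(jar_path, backup_dir):
    """Back up jar_path into backup_dir, then rewrite it without JndiLookup.class.

    A ZIP entry cannot be deleted in place, so every other entry is copied into a
    new archive that then replaces the original. Returns True if the class was
    present and has been removed, False if the jar was already clean (untouched).
    """
    if not has_jndi_lookup(jar_path):
        return False

    os.makedirs(backup_dir, exist_ok=True)
    backup_path = os.path.join(backup_dir, os.path.basename(jar_path) + ".bak")
    shutil.copy2(jar_path, backup_path)  # untouched copy, as the procedure requires

    tmp_path = jar_path + ".tmp"
    with zipfile.ZipFile(jar_path) as src, zipfile.ZipFile(tmp_path, "w") as dst:
        for info in src.infolist():
            if info.filename == JNDI_LOOKUP_ENTRY:
                continue  # drop the vulnerable class
            dst.writestr(info, src.read(info.filename))  # keeps per-entry metadata
    os.replace(tmp_path, jar_path)

    # Validate before anything is restarted: archive intact, class gone.
    with zipfile.ZipFile(jar_path) as jar:
        if jar.testzip() is not None or JNDI_LOOKUP_ENTRY in jar.namelist():
            raise RuntimeError(f"rewrite of {jar_path} failed; restore {backup_path}")
    return True


def remediate_lib_dir(lib_dir, backup_dir):
    """Process every log4j-core jar in lib_dir; returns {jar file name: removed?}."""
    return {os.path.basename(j): remove_jndi_lookup(j, backup_dir)
            for j in find_log4j_core_jars(lib_dir)}


def build_sample_jar(lib_dir):
    """Constructed stand-in for a real log4j-core jar (three dummy entries)."""
    jar_path = os.path.join(lib_dir, "log4j-core-2.x.jar")  # constructed name
    with zipfile.ZipFile(jar_path, "w", zipfile.ZIP_DEFLATED) as jar:
        jar.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
        jar.writestr(JNDI_LOOKUP_ENTRY, b"\xca\xfe\xba\xbe constructed class bytes")
        jar.writestr("org/apache/logging/log4j/core/lookup/StrLookup.class",
                     b"\xca\xfe\xba\xbe constructed class bytes")
    return jar_path


def demo():
    """Run the whole procedure against the constructed jar in a scratch directory."""
    root = tempfile.mkdtemp()
    lib_dir, backup_dir = os.path.join(root, "lib"), os.path.join(root, "backup")
    os.makedirs(lib_dir)
    jar = build_sample_jar(lib_dir)
    before = has_jndi_lookup(jar)
    first = remediate_lib_dir(lib_dir, backup_dir)
    second = remediate_lib_dir(lib_dir, backup_dir)  # second pass must be a no-op
    return {
        "before": before,
        "first_run": first,
        "second_run": second,
        "after": has_jndi_lookup(jar),
        "backup_has_class": has_jndi_lookup(os.path.join(backup_dir, "log4j-core-2.x.jar.bak")),
        "remaining": entry_names(jar),
    }


if __name__ == "__main__":
    import sys
    if len(sys.argv) == 3:
        for name, removed in remediate_lib_dir(sys.argv[1], sys.argv[2]).items():
            print(f"{name}: {'JndiLookup.class removed' if removed else 'already clean'}")
    else:
        print(demo())
```

Running it with no arguments exercises the constructed jar end to end; with a lib directory and a backup directory it performs the real remediation on one node. The pre-check makes a second run a no-op, so the same script can be re-run after an upgrade to confirm the jar is still clean, and the validation step raises (leaving the backup in place) rather than letting a corrupt jar be picked up when the services start.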