With news of the high severity Log4j vulnerability (CVE-2021-44228) breaking on Friday, December 10, the NinjaOne Security, Engineering, and Support organizations immediately went to work reviewing all of our systems and components. We were able to confirm early on and inform our partners that NinjaOne systems are NOT impacted by this vulnerability.
Due to the severe and widespread nature of this vulnerability, our teams are continuing to actively monitor the situation, and are ready to respond and provide additional information if necessary.
Update 12/16/21: We can also confirm that Ninja systems are NOT impacted by CVE-2021-45046.
If you are looking for more information re: Log4j advisories, scanning, and mitigation, see the links below. We've also published a walkthrough showing an example of how to deploy any of the many available scanning scripts available.
Additional resources
- CVE-2021-44228 description from the U.S. National Vulnerability Database
- CompTIA ISAO has made Log4j vulnerability threat intelligence and discussion available to anyone, no membership required
- Good overview and live updates from Huntress
- Large list of vendor advisories, sorted by affected/unaffected status
- CVE-2021-44228 vulnerability testing tool from Huntress and CNWR VP of Technology Jason Slagle
- YARA rules and grep commands for detecting possible CVE-2021-44228 exploitation
Updated additions
