Plugin releases will be released after new vulnerable versions are identified, but there's always going to be a gap in the process and some software, particularly customized software, that either never gets identified or isn't identified in the near term. Check your current and past scan results for any indicators of Log4j in your environment. There are 19 plugins (below) prior to Dec 2021 where the plugin name references Log4j or Log4Shell that are not related to these Log4j CVEs and thus not included in the Log4Shell Ecosystem Wrapper, but may still be useful to help you identify any Log4J instances in your environment.The Log4Shell Vulnerability Ecosystem policy template (additional info below) is the dynamic template that's being updated with new plugins tied to these CVEs and new plugins that are released. There are new plugins being released daily for newly identified vulnerabilities and newly affected software. At a minimum, run the Log4Shell policy templates available for Nessus Professional, Tenable.sc, and Tenable.io daily. Note that some of the Tenable plugin names refer to Log4j and others refer to Log4Shell, so if you're filtering results based on Plugin Names, be sure to look for both or use 'log4' as your search parameter and filter out any miscellaneous plugins that do not apply (e.g., log4net).Below are some tips for identifying Log4J/Log4Shell in your environment using Tenable Nessus products:
0 kommentar(er)
