The scripts in this library come from a variety of sources, including partners and other third parties. While N-able performs initial testing on these scripts, we do not regularly or permanently monitor these scripts, and therefore, we cannot make any guarantees about third-party content. By downloading or using any of these scripts, you agree that they are provided AS IS without warranty of any kind and we expressly disclaim all implied warranties including warranties of merchantability or of fitness for a particular purpose. In no event shall N-able or any other party be liable for any damages arising out of the use of or inability to use these scripts.

N-able suggests as a best practice that scripts should be tested on non-production environments.

Log4j Vulnerability Scanner CVE-2021-44228 RMM

Last Modified Date

5/3/2022 3:22 PM

Description

This Log4j vulnerability scanner searches local fixed NTFS drives for any *.jar files containing JndiLookup.class, which is a good indicator that a system is vulnerable to CVE-2021-44228, along with other detection methods. Its intended use is to help quickly identify Windows systems that may be vulnerable to CVE-2021-44228. If this check fails, you will have to perform further incident response on the target system. See the CISA Guidance and GitHub repository for important information about CVE-2021-44228 and recommended remediation and mitigations.

Warning 1: This scanner is not an exhaustive or complete scan of a system for all indicators of CVE-2021-44228. It should be used in conjunction with other discovery processes to ensure identification of systems that require remediation of or mitigation against CVE-2021-44228.
Warning 2: Since all local drives will be scanned, consider the performance impact on systems with slow drives or large amounts of data, which can cause long scan times. The script timeout may need to be adjusted.
Warning 3: Due to environmental differences and security controls, you may see "Access Denied" warnings when attempting to use this script. These systems may require a manual scan, as an administrator, locally on the device using the raw PowerShell script located here.
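
A minimal sketch of the core check described above (finding *.jar files on fixed NTFS drives that contain JndiLookup.class), added here as an example. It is not the N-able script; the function name `Test-JarForJndiLookup` and the output property names are assumptions of this example.

```powershell
# Added example, not the N-able script. Function and property names are assumptions.
Add-Type -AssemblyName System.IO.Compression.FileSystem

function Test-JarForJndiLookup {
    param([Parameter(Mandatory)][string]$Path)
    $zip = $null
    try {
        # A .jar is a ZIP archive; only the entry names are read, nothing is extracted.
        $zip = [System.IO.Compression.ZipFile]::OpenRead($Path)
        foreach ($entry in $zip.Entries) {
            if ($entry.Name -eq 'JndiLookup.class') { return $entry.FullName }
        }
        return $null
    }
    catch {
        # Locked, truncated, or unreadable archives are reported, not silently skipped.
        Write-Warning "Could not inspect ${Path}: $($_.Exception.Message)"
        return $null
    }
    finally {
        if ($zip) { $zip.Dispose() }
    }
}

# DriveType 3 = local fixed disk; restrict to NTFS as the description states.
$drives = Get-CimInstance Win32_LogicalDisk -Filter "DriveType=3 AND FileSystem='NTFS'"

foreach ($drive in $drives) {
    Get-ChildItem -Path "$($drive.DeviceID)\" -Filter '*.jar' -File -Recurse -Force `
        -ErrorAction SilentlyContinue -ErrorVariable denied |
        ForEach-Object {
            $hit = Test-JarForJndiLookup -Path $_.FullName
            if ($hit) {
                [pscustomobject]@{ Jar = $_.FullName; Entry = $hit }
            }
        }
    # Paths that could not be read (see Warning 3) mean the result is incomplete.
    if ($denied.Count -gt 0) {
        Write-Warning "$($drive.DeviceID) $($denied.Count) paths could not be read; scan is incomplete."
    }
}
```

Jars nested inside other archives (WAR, EAR, fat jars) are not opened by this sketch, and a hit is an indicator for follow-up rather than confirmation, consistent with Warning 1.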

Type

Custom Service / Script Check

Category

Windows Third Party Apps

Target OS

Windows 8/8.1;Windows 10;Windows Server 2012 / 2012R2;Windows Server 2016;Windows Server 2019

Compatible with N-central

No

N-central minimum version

Compatible with RMM

Yes

Syntax

MD5 176C2807BFE6EBCD9EC1B3D6C0DB830D

Output

Keywords

CVE-2021-44228 log4j log4shell