ACI / APIC Log4j Vulnerability

tobycth3
Level 1

I see APIC listed on CVE-2021-44228 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd but little to no details confirming if ACI vulnerable. Does anyone have any information if the APICs do indeed leverage Log4j and any mitigation steps that could be put in place if it does?

8 Replies

Sergiu.Daniluk
VIP Alumni

It is mentioned in the link you shared that APIC is not affected.


Robert Burns
Cisco Employee

APIC has now been affected via the Nexus Insights Base app (aka Nexus Insights Cloud Connector) package, which comes pre-installed. No fix for this yet, but to avoid the vulnerability, please remove this app via App Center until you can upgrade the fabric to a patched version. Tracking as CDET CSCwa47295.

Robert

@Robert Burns How do I check whether this app is installed or disabled in the APIC GUI?


You need to remove the App completely (there is no disable). You can verify this from the CLI as well:

apic1# acidiag scheduler appstatus

Job App Type Status
---------------------------------------------------------------------------
Cisco_ApicVision-SystemService Cisco_ApicVision system running
Cisco_ApicVision-service-jobs Cisco_ApicVision service error
Cisco_ExternalSwitch-service-job Cisco_ExternalSwitch service error
Cisco_NIBASE-ClusterService Cisco_NIBASE service running <<<<<< (shows NI Base is running)
Cisco_NIBASE-SystemService Cisco_NIBASE system running <<<<<< (shows NI Base is installed)
bird_kafka-kafka bird_kafka system running
bird_zk-zk bird_zk system running
elastic-systemjob-medium elastic system running
elastic-systemjob-large elastic system running
elastic-systemjob-small elastic system running
intersightdc-systemjob-small intersightdc system running
//snip


Once NI Base has been deleted from App Center, it will not appear in the output above.

Robert

Thank you  

joezersk
Cisco Employee

The NI Base App vulnerability has been fixed in 5.2(3g). Release notes here.


Note, APIC itself is not affected by Log4j, just the NI Base app. It should also be made clear that in order to exploit the NI Base app, one first needs to authenticate to APIC. I'd argue (my opinion only) that if the bad guys had authentication privs to your APIC, you have larger things to worry about!


Leaf and Spine firmware is not vulnerable to Log4j issues.


Robert Burns
Cisco Employee

To close the loop, software versions which are patched in both our current long-lived releases include 4.2(7r)+ and 5.2(3g)+. If you are running these releases or later, it's safe to re-enable the NI Base application once again.
Thanks,

Robert
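The two checks from this thread, reading `acidiag scheduler appstatus` output for Cisco_NIBASE jobs (Robert's post above) and comparing the running release against the patched minimums 4.2(7r) and 5.2(3g) (the closing post), as an added Python example that is not from Cisco or from anyone in the thread. It assumes the ACI version string format `major.minor(build letter)`, treats release trains other than 4.2 and 5.2 as not covered, and uses a constructed sample of the CLI output so it runs offline.

```python
import re

# Constructed sample of `acidiag scheduler appstatus` output (shape taken from the thread).
SAMPLE_APPSTATUS = """\
Job App Type Status
---------------------------------------------------------------------------
Cisco_ApicVision-SystemService Cisco_ApicVision system running
Cisco_NIBASE-ClusterService Cisco_NIBASE service running
Cisco_NIBASE-SystemService Cisco_NIBASE system running
bird_kafka-kafka bird_kafka system running
"""

# First patched release per long-lived train, as stated in the thread.
PATCHED_MIN = {"4.2": "4.2(7r)", "5.2": "5.2(3g)"}

# Assumed format of an ACI version string, e.g. 5.2(3g): major.minor(build letter)
_VER_RE = re.compile(r"^(\d+)\.(\d+)\((\d+)([a-z]*)\)$")

def parse_aci_version(v):
    """Turn '5.2(3g)' into a tuple (5, 2, 3, 'g') that compares in release order."""
    m = _VER_RE.match(v.strip())
    if not m:
        raise ValueError(f"unrecognised ACI version: {v!r}")
    major, minor, build, letter = m.groups()
    return (int(major), int(minor), int(build), letter)

def nibase_installed(appstatus_text):
    """True if any scheduler job belongs to the Cisco_NIBASE app (NI Base still present)."""
    for line in appstatus_text.splitlines():
        fields = line.split()
        if len(fields) >= 4 and fields[1] == "Cisco_NIBASE":
            return True
    return False

def version_is_patched(v):
    """True/False for the 4.2 and 5.2 trains; None for trains the thread does not cover."""
    parsed = parse_aci_version(v)
    train = f"{parsed[0]}.{parsed[1]}"
    if train not in PATCHED_MIN:
        return None
    return parsed >= parse_aci_version(PATCHED_MIN[train])

def assess(version, appstatus_text):
    """Combine both checks into a single verdict for an APIC."""
    if not nibase_installed(appstatus_text):
        return "NI Base not installed: not exposed"
    patched = version_is_patched(version)
    if patched is None:
        return "NI Base installed, release train not covered here: check the advisory"
    if patched:
        return "NI Base installed on patched release: OK"
    return "NI Base installed on unpatched release: remove the app via App Center"
```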
