Ivanti Updates Log4Shell Advisory with Security Updates for Multiple Products
Summary
Ivanti has updated its Log4Shell advice and released multiple security updates.
Affected platforms
The following platforms are known to be affected:
Threat details
NHS Digital response to Log4Shell
This alert is part of NHS Digital's wider response to the Log4Shell remote code execution vulnerability. For more information on Log4Shell itself, please visit our cyber alerts article Log4Shell RCE Vulnerability CC-3989.
NHS and social care organisations are invited to use the Cyber Associates Network to find out additional information and participate in discussion about the Log4Shell remote code execution vulnerability and affected products.
Introduction
Ivanti has released security updates to address the Log4Shell vulnerability in their MobileIron, File Director, and Avalanche products. A remote unauthenticated attacker could exploit the Log4Shell vulnerabilities to take control of affected systems.
In December 2021, NHS Digital issued a high severity alert for the affected MobileIron products, as they sit in the DMZ and are vulnerable to an RCE attack due to the Log4Shell vulnerability.
Remediation advice
Affected organisations should review the CVE-2021-44228 - Java logging library (log4j) - Ivanti Products Impact Mapping advisory and apply the necessary updates and workarounds.
Remediation steps
| Type | Step |
|---|---|
| Patch | Ivanti MobileIron Core, MobileIron Sentry (Core/Cloud), and MobileIron Core Connector https://forums.ivanti.com/s/article/Security-Bulletin-CVE-2021-44228-Remote-code-injection-in-Log4j?language=en_US |
| Patch | Ivanti File Director https://forums.ivanti.com/s/article/Apache-Log4j-Zero-Day-Vulnerability-and-Ivanti-File-Director-CVE-2021-44228?language=en_US |
| Patch | Ivanti Avalanche https://forums.ivanti.com/s/article/CVE-2021-44228-Avalanche-Remote-code-injection-Log4j?language=en_US |
Definitive source of threat updates
Last edited: 17 January 2022 4:43 pm