Vulnerability Overview

On 10 December 2021, Apache Log4j2 Remote Code Execution (RCE) vulnerability (CVE-2021-44228), also known as Log4Shell was announced. This vulnerability exists in some previous versions of Sangfor Cyber Command. Attackers can exploit the vulnerability to run remote code execution and gain total access to the Cyber Command server.  Sangfor has released a patch for this vulnerability.

No other Sangfor Products including IAG, NGAF, Endpoint Secure, HCI, VDI, SSLVPN, WANO and CM are affected at this time.

Versions and Fix

The scope of the vulnerability is for Sangfor Cyber Command versions before v3.0.50. Version 3.0.50 and newer will not be affected. The vulnerability mentioned above can be mitigated by upgrading Cyber Command to v.3.0.50 or v3.0.59.  For customers who have "Allow Automatic Updates" enabled, Cyber Command will have automatically installed the update if online. For customers who do not have automatic updates enabled, Cyber Command needs to be updated manually by installing this patch.


Attackers can use this vulnerability to execute arbitrary code on Cyber Command through RCE, potentially giving the attackers complete access to the server.

Vulnerability Introduction

The Apache log4j library used by Cyber Command allows for developers to log various data within their application. In certain circumstances, the data being logged originates from user input. Should this user input contain special characters and be logged using log4j, the Java method lookup will be called to execute the user-defined remote Java class in the LDAP server. This will in turn lead to RCE on Cyber Command.

Precautions & Measures

  1. Upgrade Cyber Command to version 3.0.50 or later.
  2. Enable automatic updates.
  3. Please make sure that the Internet-facing console access permission of Cyber Command is turned off. If you need to perform remote operation and maintenance, you can use an SSL VPN or other methods to access the intranet first.
  4. Set a whitelist restriction for the login IP address to Cyber Command, allowing access only to security operation and maintenance personnel.

Download the Current Version of Cyber Command

Download the following from the Sangfor Cyber Command Community Download page:

  • Upgrade file for Cyber Command version 3.0.49 and below
  • Latest patch file for Cyber Command
  • Full installation file for the latest version of Cyber Command

Source of vulnerability

National Vulnerability Database (NVD): CVE-2021-44228

Sangfor Security Emergency Response External Service


Any software/patch you download from Sangfor's service page is the copyrighted work of Sangfor and/or its suppliers. Without Sangfor's permission, you may not disclose relevant information to other third parties, and except for service purposes, you may not further repair, modify, distribute, publish, license, transfer, sell the software/patch, try to extract its source code through decompilation or otherwise attempt to extract any or all of the source code. This document does not promise any express, implied, and statutory guarantees, including, but not limited to, warranties of merchantability, non-infringement, or fitness for a particular purpose. Under any circumstances, Sangfor Technologies Inc., or its directly or indirectly controlled subsidiaries shall not be liable for any losses, including direct, indirect, incidental, inevitable loss of business profits or special losses. You shall bear all legal responsibilities arising from your use of this document in any way. Sangfor can modify or update the content and information of this document at any time.



Listen To This Post



Dont Miss Our Newest Article by Subscribing to Sangfor

Related Articles

Cyber Security

Parrot TDS Infects Thousands of Websites for Targeted Malware Distribution

Date : 12 May 2022
Read Now

Cyber Security

What Is A DDOS Attack | How Does It Work | Sangfor Glossary

Date : 05 May 2022
Read Now

Cyber Security

What Is DLP (Data Loss Prevention) | Sangfor Glossary

Date : 05 May 2022
Read Now

See Other Product

SASE Access
Cyber Command - NDR Platform
Endpoint Secure
icon notification