Please see Security Advisories for the week ending October 1, 2021
- VMware vCenter Server Vulnerability CVE-2021-22005 Under Active Exploit
- Google Releases Security Updates for Chrome
- Apple Releases Security Updates for Multiple Products
- Cisco Releases Security Updates for Multiple Products
- CISA, FBI, and NSA Release Joint Cybersecurity Advisory on Conti Ransomware
- NETGEAR Releases Security Updates for RCE Vulnerability
_______________________________
VMware vCenter Server Vulnerability CVE-2021-22005 Under Active Exploit
Situation
On September 21, 2021, VMware disclosed that its vCenter Server is affected by an arbitrary file upload vulnerability—CVE-2021-22005—in the Analytics service.
Problem
The vCenter Server contains an arbitrary file upload vulnerability in the Analytics service, whereby a malicious actor with network access to port 443 on vCenter Server may exploit this issue to execute code on vCenter Server by uploading a specially crafted file. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8.
Implication
A malicious cyber actor with network access to port 443 can exploit this vulnerability to execute code on vCenter Server.
Need
To mitigate CVE-2021-22005, CISA strongly urges critical infrastructure entities and other organizations with affected vCenter Server versions to upgrade to a fixed version as quickly as possible, and to apply the temporary workaround provided by VMware if unable to upgrade to a fixed version immediately.
For a brief overview:
For a more technical overview:
https://www.vmware.com/security/advisories/VMSA-2021-0020.html
________________________________
Google Releases Security Updates for Chrome
Situation
Google has released Chrome version 94.0.4606.61 for Windows, Mac, and Linux.
Problem
This version addresses a vulnerability—CVE-2021-37973.
Implication
Google is reserving the details of the vulnerability until a majority of users are updated with a fix.
Need
CISA encourages users and administrators to review the Chrome Release Note and apply the necessary update as soon as possible.
For a brief overview:
https://us-cert.cisa.gov/ncas/current-activity/2021/09/24/google-releases-security-updates-chrome
For a more technical overview:
https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop_24.html
________________________________
Apple Releases Security Updates for Multiple Products
Situation
Apple has released security updates for multiple products including Safari, Xcode, tvOS, watchOS, iOS, iPadOS, and iTunes.
Problem
Vulnerabilities found include arbitrary code execution, memory corruption, application termination, and more.
Implication
A remote attacker who successfully exploits some of these vulnerabilities could take control of an affected device.
Need
Apply latest updates for the associated Apple products.
Safari: https://support.apple.com/en-us/HT212816
Xcode 13: https://support.apple.com/en-us/HT212818
tvOS 15: https://support.apple.com/en-us/HT212815
watchOS 8: https://support.apple.com/en-us/HT212819
iPadOS 15: https://support.apple.com/en-us/HT212814
iTunes: https://support.apple.com/en-us/HT212817
For a brief overview:
https://us-cert.cisa.gov/ncas/current-activity/2021/09/23/apple-releases-security-updates
For a more technical overview:
https://support.apple.com/en-us/HT212825
________________________________
Cisco Releases Security Updates for Multiple Products
Situation
Cisco has released security updates to address vulnerabilities in multiple Cisco products.
Problem
The vulnerabilities and products are too numerous to mention here, but briefly the types of vulnerabilities include: buffer overflow, remote code execution, authentication bypass, denial of service, privilege escalation, ICMP/UDP inspection, and command injection.
Implication
An attacker could exploit some of these vulnerabilities to take control of an affected system.
Need
CISA encourages users and administrators to review the Cisco Security Advisories page and apply the necessary updates.
For a brief overview:
For a more technical overview:
https://tools.cisco.com/security/center/publicationListing.x
________________________________
CISA, FBI, and NSA Release Joint Cybersecurity Advisory on Conti Ransomware
Situation
CISA, the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA) have released a joint Cybersecurity Advisory (CSA) alerting organizations to increased Conti ransomware attacks.
Problem
The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have observed the increased use of Conti ransomware in more than 400 attacks on U.S. and international organizations. Malicious cyber actors use Conti ransomware to steal sensitive files from domestic and international organizations, encrypt the targeted organizations’ servers and workstations, and demand a ransom payment from the victims.
Implication
CISA, FBI, and NSA encourage network defenders to examine their current cybersecurity posture and apply the recommended mitigations in the joint CSA.
Need
CISA encourages users and administrators to review the Microsoft Security Advisory to apply the necessary updates.
For a brief overview:
For a more technical overview:
https://us-cert.cisa.gov/ncas/alerts/aa21-265a
________________________________
NETGEAR Releases Security Updates for RCE Vulnerability
Situation
NETGEAR has released security updates that address RCE (CVE-2021-40847) in multiple routers.
Problem
An RCE was found in multiple models including:
- R6400v2
- R6700
- R6700v3
- R6900
- R6900P
- R7000
- R7000P
- R7850
- R7900
- R8000
- RS400
Implication
A remote attacker who successfully exploits some of these vulnerabilities could take control of an affected device.
Need
Apply the latest patch as soon as possible.
For more information: https://kb.netgear.com/000064039/Security-Advisory-for-Remote-Code-Execution-on-Some-Routers-PSV-2021-0204