Please note this CTI alert contains 3 Sections – Apple’s Safari, VMware, and NETGEAR vulnerabilities
Apple Patches 4 RCE Vulnerabilities in Safari
Apple has released a security update to address 4 Remote Code Execution vulnerabilities in Safari.
The patches are available for macOS Big Sur and macOS Catalina.
All 4 vulnerabilities are memory corruption issues in the WebKit component that may lead to Remote Code Execution.
- Safari prior to version 15.
CYREBRO recommends updating relevant products up to the latest available releases which fix these issues (Safari version 15, at the very least)
References: Apple Security Advisories
VMware Patches Critical RCE Vulnerability in vCenter Server
VMware has patched a Critical Severity Remote Code Execution vulnerability affecting multiple vCenter Server versions.
In total, VMware addressed 19 vulnerabilities affecting vCenter Server and Cloud Foundation.
- CVE-2021-22005 – Arbitrary file upload vulnerability in the Analytics service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to execute code on vCenter Server by uploading a specially crafter file.
- vCenter Server 7.0.
- vCenter Server 6.7.
- Cloud Foundation (vCenter Server) 4.x.
- Cloud Foundation (vCenter Server) 3.x.
CYREBRO urges all clients to update relevant products in accordance with the following list:
- vCenter Server 7.0 – Update to version 0 U2c.
- vCenter Server 6.7 – Update to version 7 U3o.
- Cloud Foundation (vCenter Server) 4.x – Apply the 7.0 2d update by following these steps.
- Cloud Foundation (vCenter Server) – Apply the 6.7 3o update by following these steps.
For further information regarding all 19 addressed vulnerabilities, visit the VMware Security Advisory.
If there are any difficulties with mitigation at this point, apply the following workaround provided by VMware.
References: VMware Security Advisory
NETGEAR Patches Critical RCE Vulnerability Affecting Small Offices/Home Offices Routers
NETGEAR has addressed a Critical Remote Code Execution vulnerability found in the Circle parental control service, affecting 11 Small Offices/Home Offices (SOHO) NETGEAR routers.
- CVE-2021-40847 – The update process of the Circle Parental Control Service on various NETGEAR routers allows remote attackers to achieve remote code execution as root via a Man-in-the-Middle (MitM) attack. While the parental controls themselves are not enabled by default on the routers, the Circle update daemon, circled, is enabled by default.
NETGEAR Router Models:
- R6400v2 (fixed in firmware version 4.120)
- R6700 (fixed in firmware version 2.26)
- R6700v3 (fixed in firmware version 4.120)
- R6900 (fixed in firmware version 2.26)
- R6900P (fixed in firmware version 142_HOTFIX)
- R7000 (fixed in firmware version 11.128)
- R7000P (fixed in firmware version 3.142_HOTFIX)
- R7850 (fixed in firmware version 5.76)
- R7900 (fixed in firmware version 4.46)
- R8000 (fixed in firmware version 4.76)
- RS400 (fixed in firmware version 1.80)
CYREBRO recommends updating relevant products up to the latest available firmware, according to the fixed versions listed in the “Affected Products” section above.
To download the latest firmware for your NETGEAR product:
- Visit NETGEAR Support.
- Start typing your model number in the search box, then select your model from the drop-down menu as soon as it appears.
If you do not see a drop-down menu, make sure that you entered your model number correctly, or select a product category to browse for your product model.
- Click Downloads.
- Under Current Versions, select the first download whose title begins with Firmware Version.
- Click Release Notes.
- Follow the instructions in the firmware release notes to download and install the new firmware.