A vulnerability has been discovered in Samba which could allow for arbitrary code execution. Samba is the standard Windows interoperability suite of programs for Linux and Unix. Successful exploitation of this vulnerability could result in arbitrary code execution as root on affected Samba installations that use the VFS module vfs_fruit. Depending on the permission associated with the application running the exploit, an attacker could then install programs; view, change, or delete data.
Nessus leverages third-party software to help provide underlying functionality. One of the third-party components (Underscore.js) was found to contain a vulnerability, and an updated version has been made available by the provider.
Out of caution and in line with good practice, Tenable has opted to upgrade the Underscore.js component to address the potential impact of the issue. Nessus 10.1.0 updates Underscore.js to version 1.13.1 to address the identified vulnerability.
It was discovered that IPython, an enhanced interactive Python shell,
executed config files from the current working directory, which could
result in cross-user attacks if run from a directory multiple users
may write to.
It was discovered that missing input sanitising in python-nbxmpp, a
Jabber/XMPP Python library, could result in denial of service in clients
based on it (such as Gajim).
Multiple vulnerabilities have been discovered in Apple Products, the most severe of which could allow for arbitrary code execution.
iOS is a mobile operating system for mobile devices, including the iPhone, iPad, and iPod touch.
iPadOS is the successor to iOS 12 and is a mobile operating system for iPads.
macOS Monterey is the 18th and current major release of macOS.
macOS Big Sur is the 17th release of macOS.
macOS Catalina is the 16th major release of macOS
watchOS is the mobile operating system for Apple Watch and is based on the iOS operating system.
tvOS is an operating system for fourth-generation Apple TV digital media player.
Safari is a graphical web browser developed by Apple.
FortiGuard Labs is aware that VMware disclosed a critical vulnerability (CVE-2021-22005) on September 21st, 2021 that affects vCenter Server versions 6.7 and 7.0. A malicious attacker with network access to port 443 on vCenter Server can exploit the vulnerability and can execute code on vCenter Server upon successful exploitation. The VMware advisory was updated on September 24th that the vulnerability is being exploited in the wild. In addition, exploit code is publicly available.Why is this Significant?VMware has one of the highest market shares in the server virtualization market so the vulnerability can have widespread affect. Also, some public reports indicate that CVE-2021-22005 is being exploited in the wild. With exploit code being publicly available, more attackers are expected to leverage the security bug. Because of the potential impact the vulnerability has in the field, CISA released an advisory on September 24th, 2021.What are the Details of the Vulnerability?Details of the vulnerability have not been disclosed by VMware.Has VMware Released an Advisory for CVE-2021-22005?Yes, the vendor released a cumulative advisory on September 21st, 2021. See the Appendix for a link to VMSA-2021-0020.1. The vendor also released a supplemental blog post and an advisory. See the Appendix to a link to “VMSA-2021-0020: What You Need to Know” and “VMSA-2021-0020: Questions & Answers”.Has the Vendor Released a Patch?Yes. VMware released a patch on September 21st, 2021.Any Mitigation and or Workarounds?VMware provided workarounds in a blog. See the Appendix to a link to “Workaround Instructions for CVE-2021-22005 (85717)”.What is The Status of Coverage?FortiGuard Labs is investigating for IPS protection. This Threat Signal will be updated with protection information as it becomes available.