Rewterz Threat Advisory – CVE-2021-33191 – Apache NiFi MiNiFi C++ Vulnerability

Rewterz Threat Alert – Cerberus Banking Trojan – Active IOCs

August 24, 2021

Rewterz Threat Advisory – ICS – Delta Electronics TPEditor Vulnerability

August 25, 2021

Rewterz Threat Advisory – CVE-2021-33191 – Apache NiFi MiNiFi C++ Vulnerability

Severity

High

Analysis Summary

CVE-2021-33191

Apache NiFi MiNiFi C++ could allow a remote attacker to execute arbitrary commands on the system, caused by improper input validation by the agent-update command. By sending a specially-crafted c2-update command with a modified value, an attacker could exploit this vulnerability to execute arbitrary commands on the system with the privileges of the application binary.

Impact

Unauthorized Access

Affected Vendors

Apache

Affected Products

Apache NiFi MiNiFi C++ 0.5.0

Remediation

Upgrade to the latest version of Apache, available from the Apache Web site.

https://nifi.apache.org/minifi/download.html

Rewterz Threat Alert – Cerberus Banking Trojan – Active IOCs

Rewterz Threat Advisory – ICS – Delta Electronics TPEditor Vulnerability

Rewterz Threat Advisory – CVE-2021-33191 – Apache NiFi MiNiFi C++ Vulnerability

Severity

Analysis Summary

CVE-2021-33191

Impact

Affected Vendors

Affected Products

Remediation

Security Operations Centers across the region

Saudi Arabia

UAE

Oman

Pakistan