CVE-2021-20172

7.8 HIGH

📋 TL;DR

This CVE describes a local privilege escalation vulnerability in the Netgear Genie Installer for macOS. An attacker with local access can overwrite specific files during installation to gain root privileges. Only macOS users installing Netgear Genie are affected.

💻 Affected Systems

Products:
  • Netgear Genie Installer
Versions: All known versions prior to the patched version
Operating Systems: macOS
Default Config Vulnerable: ⚠️ Yes
Notes: Requires local access to the macOS system where Netgear Genie is being installed.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete system compromise with root access, allowing installation of persistent malware, data theft, and full system control.

🟠 Likely Case: A local attacker gains administrative privileges to install additional malware, modify system files, or access protected data.

🟢 If Mitigated: Limited impact, with proper access controls preventing unauthorized local access to installation processes.

🌐 Internet-Facing: LOW - This is a local privilege escalation requiring physical or remote desktop access to the endpoint.
🏢 Internal Only: HIGH - Any malicious insider or compromised account with local access could exploit this to gain root privileges.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires local access and knowledge of vulnerable file paths during installation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Netgear advisory for specific patched version

Vendor Advisory: https://kb.netgear.com/000063723/Security-Advisory-for-Local-Privilege-Escalation-on-NETGEAR-Genie-Installer-for-macOS-PSV-2021-0073

Restart Required: No

Instructions:

1. Uninstall the existing Netgear Genie.
2. Download the latest version from the official Netgear website.
3. Install the updated version.
4. Verify that the installation completed successfully.

🔧 Temporary Workarounds

Remove Netgear Genie (macOS)

Uninstall Netgear Genie if it is not required:

sudo rm -rf /Applications/Netgear\ Genie.app
sudo rm -rf ~/Library/Application\ Support/Netgear\ Genie

Restrict installation permissions (macOS)

Limit who can install software on macOS systems.

🧯 If You Can't Patch

  • Restrict physical and remote access to affected systems
  • Implement strict privilege separation and monitor for unauthorized privilege escalation attempts

🔍 How to Verify

Check if Vulnerable:

Check if Netgear Genie is installed: ls /Applications/ | grep -i netgear

Check Version:

Check application version in Netgear Genie About menu or package metadata

Verify Fix Applied:

Verify Netgear Genie version matches latest patched version from vendor advisory
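An added verification helper for the checks above (example code written for this page, not part of the Netgear advisory or the Genie installer): it reads the installed bundle's version so it can be compared with the patched version named in the vendor advisory, and lists files under the Genie install locations that a non-root local user could modify, the general weakness behind installer file-overwrite privilege escalations. The paths at the bottom are the ones used in the workaround above; the version check assumes an XML Info.plist.

```shell
#!/bin/sh
# Added example (not from the advisory or from Netgear). Two checks:
#   bundle_version APP    - prints CFBundleShortVersionString from APP/Contents/Info.plist
#                           (assumes an XML plist; on macOS `defaults read` also works)
#   audit_writable DIR... - lists regular files/directories under each DIR that a
#                           non-root local user could modify (group- or world-writable)

bundle_version() {
    plist="$1/Contents/Info.plist"
    [ -f "$plist" ] || { echo unknown; return 1; }
    # In an XML plist the key and its <string> value sit on consecutive lines.
    v=$(sed -n '/<key>CFBundleShortVersionString<\/key>/{n;s/.*<string>\(.*\)<\/string>.*/\1/p;}' "$plist")
    [ -n "$v" ] || { echo unknown; return 1; }
    echo "$v"
}

audit_writable() {
    bad=0
    for dir in "$@"; do
        [ -d "$dir" ] || continue   # path not present: nothing to audit
        # Symlinks are skipped because their own mode bits carry no meaning.
        hits=$(find "$dir" ! -type l \( -perm -o+w -o -perm -g+w \) -print 2>/dev/null)
        if [ -n "$hits" ]; then
            printf '%s\n' "$hits" | sed 's/^/WRITABLE: /'
            bad=1
        fi
    done
    return "$bad"
}

# Stand-alone use on a macOS host: report the installed version and any writable files.
if [ "${1:-}" = "--run" ]; then
    app="/Applications/Netgear Genie.app"
    echo "Netgear Genie version: $(bundle_version "$app")"
    audit_writable "$app" "$HOME/Library/Application Support/Netgear Genie" \
        && echo "No group- or world-writable files found."
fi
```

Run it as `sh check_genie.sh --run`; a non-zero exit means at least one writable path was reported and should be fixed or the application removed.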

📡 Detection & Monitoring

Log Indicators:

  • Unauthorized file modifications during Netgear Genie installation
  • Unexpected privilege escalation events
  • Suspicious process creation with root privileges

Network Indicators:

  • None - this is a local attack

SIEM Query:

source="macos" AND (process="installer" OR process="Netgear Genie") AND (event="privilege_escalation" OR event="file_modification")
