Patching Endpoint Detection and Response for CVE-2021-45046, CVE-2021-44228 and CVE-2021-45105

Article ID: 230254

Products

Endpoint Detection and Response

Issue/Introduction

Is Endpoint Detection and Response (EDR) vulnerable to the remote code execution vulnerability described in CVE-2021-45046, CVE-2021-44228 and CVE-2021-45105? If so, how can EDR be patched?

Resolution

The Symantec EDR team investigated the log4j vulnerability described in CVE-2021-45046 and CVE-2021-44228. Some components of the EDR on-premises appliance contain log4j versions that are known to be exposed to the vulnerability and may be impacted.

To address CVE-2021-45046, we have released a patch/hotfix. This patch (atp-patch-generic-4.6-1) is applicable to EDR 4.6.0, 4.6.5, and 4.6.7. If the SEDR version is earlier than 4.6.0, upgrade to the latest EDR version, 4.6.8.

To address CVE-2021-44228, Symantec strongly recommends upgrading to EDR 4.6.8. The upgrade also takes care of CVE-2021-45046.

That is, if SEDR is on version 4.6.8, both CVEs (CVE-2021-45046 and CVE-2021-44228) are addressed.


To install patch atp-patch-generic-4.6-1:

  1. At the admin CLI of EDR, type:
    show -v

  2. If the current version is 4.6.0, 4.6.5, or 4.6.7, proceed to step 5. If you are on a prior version, then type:
    update download

  3. If no errors occur during update download, type:
    update install

  4. Updating the software version may require up to two reboots of the EDR appliance before continuing. Once on 4.6.8, there is no need to apply the patch atp-patch-generic-4.6-1.

  5. To confirm the installed patches, type:
    patch list_installed

  6. If "atp-patch-generic-4.6-1" appears in the output, the EDR appliance is already patched for this issue. No further action is needed for this particular EDR appliance.
    To check for the patch in the download repository, type:
    patch list

  7. If "atp-patch-generic-4.6-1" does not appear in the download repository, please contact support for further assistance and reference KB #. Also copy and paste the output from this command into the case comments.
    To download the patch, type:
    patch download atp-patch-generic-4.6-1

  8. To install the patch, type:
    patch install atp-patch-generic-4.6-1

  9. During patch installation, the patch restarts services, making the UI temporarily unavailable. If the UI remains unavailable after an hour, please file a support ticket for further assistance.
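
For teams tracking several appliances, the version and patch rules above can be applied to an inventory. The following is an added example, not Symantec code: the function names, the inventory format and the sample data are assumptions, and it expects the version from `show -v` and the patch names from `patch list_installed` to have been copied in by the operator. Versions below 4.6.8 that the patch does not list are treated as "upgrade", and versions above 4.6.8 are reported as outside this article.

```python
PATCH = "atp-patch-generic-4.6-1"
PATCHABLE = {(4, 6, 0), (4, 6, 5), (4, 6, 7)}  # versions the patch applies to
FIXED = (4, 6, 8)                              # release that addresses both CVEs


def parse_version(text):
    """'4.6.7' -> (4, 6, 7). Tuples compare numerically, so 4.10.0 > 4.6.8."""
    parts = text.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version: {text!r}")
    return tuple(int(p) for p in parts)


def triage(version, installed_patches):
    """Return (cve_2021_45046_done, cve_2021_44228_done, next_step).

    'done' means the remediation this article gives for that CVE is in place;
    None means the article makes no statement about that version.
    """
    v = parse_version(version)
    patched = PATCH in {p.strip() for p in installed_patches}
    if v == FIXED:
        return True, True, "none"
    if v > FIXED:
        return None, None, "version not covered by this article"
    if v in PATCHABLE and patched:
        return True, False, "upgrade to 4.6.8 for CVE-2021-44228"
    if v in PATCHABLE:
        return False, False, f"install {PATCH} or upgrade to 4.6.8"
    return False, False, "upgrade to 4.6.8 (patch not applicable)"


def triage_fleet(inventory):
    """inventory: {name: (version, [installed patch names])} -> {name: result}."""
    return {name: triage(ver, patches) for name, (ver, patches) in inventory.items()}


if __name__ == "__main__":
    # Constructed sample inventory; appliance names are hypothetical.
    sample = {
        "edr-a": ("4.6.8", []),
        "edr-b": ("4.6.7", [PATCH]),
        "edr-c": ("4.6.5", []),
        "edr-d": ("4.5.1", []),
    }
    for name, result in triage_fleet(sample).items():
        print(name, result)
```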
     

Additional Information