CVE-2021-36798

Published: Aug 9, 2021Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

A Denial-of-Service (DoS) vulnerability was discovered in Team Server in HelpSystems Cobalt Strike 4.2 and 4.3. It allows remote attackers to crash the C2 server thread and block beacons' communication with it.

Affected (2)

Products: Helpsystems: Cobalt Strike

Helpsystems

1 product

Cobalt Strike

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Helpsystems Cobalt Strike	Version 4.2
Helpsystems Cobalt Strike	Version 4.3

Related CWEs

CWE-770

Allocation of Resources Without Limits or Throttling

The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.

References (4)

https://labs.sentinelone.com/hotcobalt-new-cobalt-strike-dos-vulnerability-that-lets-you-halt-operations/

Source: cve@mitre.org

ExploitThird Party Advisory

https://www.cobaltstrike.com/releasenotes.txt

Source: cve@mitre.org

Release NotesVendor Advisory

https://labs.sentinelone.com/hotcobalt-new-cobalt-strike-dos-vulnerability-that-lets-you-halt-operations/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://www.cobaltstrike.com/releasenotes.txt

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesVendor Advisory

Timeline

No history available yet.