exploitDog

CVE-2021-36798

Опубликовано: 09 авг. 2021

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Средний

Описание

A Denial-of-Service (DoS) vulnerability was discovered in Team Server in HelpSystems Cobalt Strike 4.2 and 4.3. It allows remote attackers to crash the C2 server thread and block beacons' communication with it.

Ссылки

https://labs.sentinelone.com/hotcobalt-new-cobalt-strike-dos-vulnerability-that-lets-you-halt-operations/
Exploit
Third Party Advisory
https://www.cobaltstrike.com/releasenotes.txt
Release Notes
Vendor Advisory
https://labs.sentinelone.com/hotcobalt-new-cobalt-strike-dos-vulnerability-that-lets-you-halt-operations/
Exploit
Third Party Advisory
https://www.cobaltstrike.com/releasenotes.txt
Release Notes
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:helpsystems:cobalt_strike:4.2:*:*:*:*:*:*:*

cpe:2.3:a:helpsystems:cobalt_strike:4.3:*:*:*:*:*:*:*

EPSS

Процентиль: 96%

0.27683

Средний

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-770

Связанные уязвимости

GHSA-6vhg-vrw5-pm3f

github

больше 3 лет назад

A Denial-of-Service (DoS) vulnerability was discovered in Team Server in HelpSystems Cobalt Strike 4.2 and 4.3. It allows remote attackers to crash the C2 server thread and block beacons' communication with it.

EPSS

Процентиль: 96%

0.27683

Средний

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-770