PT-2021-21365 · Helpsystems · Cobalt Strike

Gal Kristal

Published

2021-08-09

Updated

2021-08-17

CVE-2021-36798

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions HelpSystems Cobalt Strike versions 4.2 through 4.3

Description A Denial-of-Service (DoS) issue was discovered in Team Server. It allows remote attackers to crash the C2 server thread and block beacons' communication with it.

Recommendations For versions 4.2 and 4.3, consider temporarily restricting access to the Team Server to minimize the risk of exploitation until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Allocation of Resources Without Limits

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-770

Related Identifiers

CVE-2021-36798

Affected Products

Cobalt Strike

PT-2021-21365 · Helpsystems · Cobalt Strike

CVE-2021-36798

Weakness Enumeration

Related Identifiers

Affected Products

References · 10