CVE-2021-36798 — HIGH (7.5)

Vulnerability Description

A Denial-of-Service (DoS) vulnerability was discovered in Team Server in HelpSystems Cobalt Strike 4.2 and 4.3. It allows remote attackers to crash the C2 server thread and block beacons' communication with it.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Helpsystems	Cobalt Strike	4.2

Related Weaknesses (CWE)

CWE-770

References

https://labs.sentinelone.com/hotcobalt-new-cobalt-strike-dos-vulnerability-that-ExploitThird Party Advisory
https://www.cobaltstrike.com/releasenotes.txtRelease NotesVendor Advisory
https://labs.sentinelone.com/hotcobalt-new-cobalt-strike-dos-vulnerability-that-ExploitThird Party Advisory
https://www.cobaltstrike.com/releasenotes.txtRelease NotesVendor Advisory

FAQ

What is CVE-2021-36798?

CVE-2021-36798 is a vulnerability with a CVSS score of 7.5 (HIGH). A Denial-of-Service (DoS) vulnerability was discovered in Team Server in HelpSystems Cobalt Strike 4.2 and 4.3. It allows remote attackers to crash the C2 server thread and block beacons' communicatio...

How severe is CVE-2021-36798?

CVE-2021-36798 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-36798?

Check the references section above for vendor advisories and patch information. Affected products include: Helpsystems Cobalt Strike.