CVE-2021-36798
published 2021-08-09CVE-2021-36798: A Denial-of-Service (DoS) vulnerability was discovered in Team Server in HelpSystems Cobalt Strike 4.2 and 4.3. It allows remote attackers to crash the C2…
PriorityP338high7.5CVSS 3.1
AVNACLPRNUINSUCNINAH
EPSS
4.29%
89.9th percentile
A Denial-of-Service (DoS) vulnerability was discovered in Team Server in HelpSystems Cobalt Strike 4.2 and 4.3. It allows remote attackers to crash the C2 server thread and block beacons' communication with it.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| helpsystems | cobalt_strike | — | — |
| helpsystems | cobalt_strike | — | — |
CVSS provenance
nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:N/I:N/A:P
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
Sentinelone
Hotcobalt - New Cobalt Strike DoS Vulnerability That Lets You Halt Operations - SentinelLabs
blogs_sentinelone·2021-08-04·CVSS 7.5
CVE-2021-36798 [HIGH] Hotcobalt - New Cobalt Strike DoS Vulnerability That Lets You Halt Operations - SentinelLabs
## Executive Summary
- Versions 4.2 and 4.3 of Cobalt Strike’s server contain multiple Denial of Service vulnerabilities (CVE-2021-36798).
- The vulnerabilities can render existing Beacons unable to communicate with their C2 server, prevent new beacons from being installed, and have the potential to interfere with ongoing operations.
- We have released a new Python library to help generically parse Beacon communication in order to help the research security community.
## Introduction
Cobalt Strike is one of the most popular attack frameworks designed for Red Team operations. At the same time, many APTs and malicious actors also use it.
SentinelOne has seen numerous attacks involving Cobalt Strike Beacons across our customer base. SentinelOne detects Cobalt Strike Beacon and we are cons
Sentinelone
Hotcobalt – New Cobalt Strike DoS Vulnerability That Lets You Halt Operations
blogs_sentinelone·2021-08-04·CVSS 7.5
CVE-2021-36798 [HIGH] Hotcobalt – New Cobalt Strike DoS Vulnerability That Lets You Halt Operations
## Hotcobalt – New Cobalt Strike DoS Vulnerability That Lets You Halt Operations
## Executive Summary
Versions 4.2 and 4.3 of Cobalt Strike’s server contain multiple Denial of Service vulnerabilities (CVE-2021-36798).
The vulnerabilities can render existing Beacons unable to communicate with their C2 server, prevent new beacons from being installed, and have the potential to interfere with ongoing operations.
We have released a new Python library to help generically parse Beacon communication in order to help the research security community.
## Introduction
Cobalt Strike is one of the most popular attack frameworks designed for Red Team operations. At the same time, many APTs and malicious actors also use it.
SentinelOne has seen numerous attacks involving Cobalt Strike Beacons acro
https://labs.sentinelone.com/hotcobalt-new-cobalt-strike-dos-vulnerability-that-lets-you-halt-operations/https://www.cobaltstrike.com/releasenotes.txthttps://labs.sentinelone.com/hotcobalt-new-cobalt-strike-dos-vulnerability-that-lets-you-halt-operations/https://www.cobaltstrike.com/releasenotes.txt
2021-08-09
Published