Exploit Prices 10/07/2021

Type

The moderation team is working with the threat intelligence team to categorize software that is affected by security vulnerabilities. This helps to illustrate the assignment of these categories to determine the most affected software types.

Remediation

Official Fix: 81
Temporary Fix: 0
Workaround: 0
Unavailable: 0
Not Defined: 27

Vendors and researchers are eager to find countermeasures to mitigate security vulnerabilities. These fall into multiple forms and levels of remediation, which influence risk differently.

Exploitability

High: 0
Functional: 0
Proof-of-Concept: 0
Unproven: 0
Not Defined: 108

Researchers and attackers who look for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine the simplicity and strength of attacks.

Lang

The automated exploitation of a security vulnerability is called an exploit. It is possible to determine the popularity and availability of programming languages used for creating such exploits.

CVSSv3 Base

≤1: 0
≤2: 0
≤3: 2
≤4: 17
≤5: 24
≤6: 32
≤7: 25
≤8: 8
≤9: 0
≤10: 0

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources to aggregate to the most reliable result.

CVSSv3 Temp

≤1: 0
≤2: 0
≤3: 2
≤4: 17
≤5: 25
≤6: 31
≤7: 28
≤8: 5
≤9: 0
≤10: 0

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

Exploit 0-day

<1k: 28
<2k: 19
<5k: 20
<10k: 9
<25k: 21
<50k: 9
<100k: 2
≥100k: 0

The moderation team is working with the threat intelligence team to determine prices for exploits. Our unique algorithm is used to identify the 0-day price of an exploit, before it was distributed or became public. Calculated prices are aligned to prices disclosed by vulnerability brokers and compared to prices we see on exploit markets.

Exploit Today

<1k: 67
<2k: 12
<5k: 17
<10k: 10
<25k: 2
<50k: 0
<100k: 0
≥100k: 0

The 0-day prices do not consider time-relevant factors. The today price reflects price impacts such as the disclosure of vulnerability details, alternative exploits, and the availability of countermeasures. These dynamic aspects might decrease exploit prices over time. Under certain circumstances this happens very fast.

| Published | 0day | Today | Vulnerability | Exp | CTI | CVE |
|---|---|---|---|---|---|---|
| 10/07/2021 | $25k-$100k | $5k-$25k | Google Android FLV File memory corruption | Not Defined | 0.03 | CVE-2021-0635 |
| 10/07/2021 | $25k-$100k | $5k-$25k | Google Android AVI File memory corruption | Not Defined | 0.06 | CVE-2021-0636 |
| 10/07/2021 | $25k-$100k | $5k-$25k | Cisco Email Security Appliance Antispam Protection Mechanism access control | Not Defined | 0.03 | CVE-2021-1534 |
| 10/07/2021 | $25k-$100k | $5k-$25k | Google Android TouchInputMapper.cpp sync out-of-bounds write | Not Defined | 0.04 | CVE-2021-0684 |
| 10/07/2021 | $25k-$100k | $0-$5k | Google Android ActivityManagerShellCommand.java runTraceIpcStop Local Privilege Escalation | Not Defined | 0.06 | CVE-2021-0683 |
| 10/07/2021 | $25k-$100k | $5k-$25k | Google Android ParsedIntentInfo.java ParsedtentInfo deserialization | Not Defined | 0.04 | CVE-2021-0685 |
| 10/07/2021 | $25k-$100k | $5k-$25k | Google Android FirstScreenBroadcast.java sendBroadcastToInstaller privileges management | Not Defined | 0.06 | CVE-2021-0692 |
| 10/07/2021 | $25k-$100k | $5k-$25k | Google Android Bluetooth ConfirmConnectActivity.java onCreate improper restriction of rendered ui layers | Not Defined | 0.03 | CVE-2021-0598 |
| 10/07/2021 | $25k-$100k | $5k-$25k | Google Android System Proper information disclosure | Not Defined | 0.00 | CVE-2021-0681 |
| 10/07/2021 | $25k-$100k | $5k-$25k | Google Android System Properties information disclosure | Not Defined | 0.04 | CVE-2021-0680 |
| 10/07/2021 | $25k-$100k | $5k-$25k | Apache HTTP Server Incomplete Fix CVE-2021-41773 path traversal | Not Defined | 0.03 | CVE-2021-42013 |
| 10/07/2021 | $5k-$25k | $5k-$25k | Google Android SubscriptionController.java information disclosure | Not Defined | 0.06 | CVE-2021-0644 |
| 10/07/2021 | $5k-$25k | $5k-$25k | Cisco Identity Services Engine REST API privileges assignment | Not Defined | 0.03 | CVE-2021-1594 |
| 10/07/2021 | $5k-$25k | $0-$5k | Google Android NotificationManagerService.java sendAccessibilityEvent information disclosure | Not Defined | 0.05 | CVE-2021-0682 |
| 10/07/2021 | $5k-$25k | $0-$5k | Cisco Small Business 220 Link Layer Discovery Protocol buffer overflow | Not Defined | 0.04 | CVE-2021-34776 |
| 10/07/2021 | $5k-$25k | $0-$5k | Cisco Small Business 220 Link Layer Discovery Protocol buffer overflow | Not Defined | 0.06 | CVE-2021-34778 |
| 10/07/2021 | $5k-$25k | $0-$5k | Cisco Small Business 220 Link Layer Discovery Protocol buffer overflow | Not Defined | 0.06 | CVE-2021-34775 |
| 10/07/2021 | $5k-$25k | $0-$5k | Cisco Small Business 220 Link Layer Discovery Protocol buffer overflow | Not Defined | 0.05 | CVE-2021-34777 |
| 10/07/2021 | $5k-$25k | $0-$5k | Cisco Small Business 220 Link Layer Discovery Protocol buffer overflow | Not Defined | 0.00 | CVE-2021-34779 |
| 10/07/2021 | $5k-$25k | $0-$5k | Cisco Small Business 220 Link Layer Discovery Protocol buffer overflow | Not Defined | 0.00 | CVE-2021-34780 |
| 10/07/2021 | $5k-$25k | $0-$5k | Cisco Intersight Virtual Appliance Web-based Management Interface command injection | Not Defined | 0.03 | CVE-2021-34748 |
| 10/07/2021 | $5k-$25k | $0-$5k | Cisco Smart Software Manager On-Prem Web UI privileges management | Not Defined | 0.00 | CVE-2021-34766 |
| 10/07/2021 | $5k-$25k | $0-$5k | Cisco Business 220 Series Smart Switch source code | Not Defined | 0.00 | CVE-2021-34757 |
| 10/07/2021 | $5k-$25k | $0-$5k | Cisco Business 220 Series Smart Switch source code | Not Defined | 0.04 | CVE-2021-34744 |
| 10/07/2021 | $5k-$25k | $0-$5k | Xen PCI Device memory corruption | Not Defined | 0.04 | CVE-2021-28702 |
| 10/07/2021 | $5k-$25k | $0-$5k | Cisco TelePresence Collaboration Endpoint/RoomOS permission assignment | Not Defined | 0.05 | CVE-2021-34758 |
| 10/07/2021 | $5k-$25k | $0-$5k | Cisco Web Security Appliance HTTPS Connection memory leak | Not Defined | 0.00 | CVE-2021-34698 |
| 10/07/2021 | $5k-$25k | $0-$5k | Cisco Orbital Web-based Management Interface redirect | Not Defined | 0.04 | CVE-2021-34772 |
| 10/07/2021 | $5k-$25k | $0-$5k | Google Android SkSwizzler_opts.h RGB_to_BGR1_portable out-of-bounds read | Not Defined | 0.00 | CVE-2021-0689 |
| 10/07/2021 | $5k-$25k | $0-$5k | Google Android SMS App RoleManagerService.java getDefaultSmsPackage information disclosure | Not Defined | 0.04 | CVE-2021-0686 |
| 10/07/2021 | $5k-$25k | $0-$5k | Google Android HeapDumpProvider.java openFile information disclosure | Not Defined | 0.04 | CVE-2021-0693 |
| 10/07/2021 | $5k-$25k | $0-$5k | Cisco IP Phone Debug Shell Command path traversal | Not Defined | 0.05 | CVE-2021-34711 |
| 10/07/2021 | $5k-$25k | $0-$5k | Cisco Identity Services Engine Web-based Management Interface xml external entity reference | Not Defined | 0.04 | CVE-2021-34706 |
| 10/07/2021 | $5k-$25k | $0-$5k | Google Android Layout.java ellipsize denial of service | Not Defined | 0.00 | CVE-2021-0687 |
| 10/07/2021 | $5k-$25k | $0-$5k | Cisco DNA Center API Endpoint information disclosure | Not Defined | 0.03 | CVE-2021-34782 |
| 10/07/2021 | $5k-$25k | $0-$5k | Cisco Identity Services Engine Web-based Management Interface information disclosure | Not Defined | 0.04 | CVE-2021-34702 |
| 10/07/2021 | $5k-$25k | $0-$5k | Huawei GT2107-WTBD denial of service | Not Defined | 0.03 | CVE-2021-20604 |
| 10/07/2021 | $5k-$25k | $0-$5k | Cisco Vision Dynamic Signage Director Web-based Management Interface cross site scripting | Not Defined | 0.08 | CVE-2021-34742 |
| 10/07/2021 | $5k-$25k | $0-$5k | Cisco ATA 190 allocation of resources | Not Defined | 0.00 | CVE-2021-34735 |
| 10/07/2021 | $5k-$25k | $0-$5k | Cisco ATA 190 allocation of resources | Not Defined | 0.00 | CVE-2021-34710 |

68 more entries are not shown
