| Title | Versions 4.2 and 4.3 of Cobalt Strike’s server contain multiple Denial of Service vulnerabilities (CVE-2021-36798) |
|---|
| Description | The vulnerabilities can render existing Beacons unable to communicate with their C2 server, prevent new beacons from being installed, and have the potential to interfere with ongoing operations.
CVE-2021-36798
Poc: https://github.com/Sentinel-One/CobaltStrikeParser/blob/master/extra/communication_poc.py
Fix: HelpSystems released Cobalt Strike 4.4, which contains a fix for CVE-2021-36798. |
|---|
| Source | ⚠️ https://labs.sentinelone.com/hotcobalt-new-cobalt-strike-dos-vulnerability-that-lets-you-halt-operations/ |
|---|
| User | misc (UID 3) |
|---|
| Submission | 08/04/2021 19:14 (5 years ago) |
|---|
| Moderation | 08/04/2021 19:57 (43 minutes later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 180073 [HelpSystems Cobalt Strike Server 4.2/4.3 Screenshot readCountedBytes Hotcobalt denial of service] |
|---|
| Points | 20 |
|---|