Submit #17584: Versions 4.2 and 4.3 of Cobalt Strike’s server contain multiple Denial of Service vulnerabilities (CVE-2021-36798)info

TitleVersions 4.2 and 4.3 of Cobalt Strike’s server contain multiple Denial of Service vulnerabilities (CVE-2021-36798)
DescriptionThe vulnerabilities can render existing Beacons unable to communicate with their C2 server, prevent new beacons from being installed, and have the potential to interfere with ongoing operations. CVE-2021-36798 Poc: https://github.com/Sentinel-One/CobaltStrikeParser/blob/master/extra/communication_poc.py Fix: HelpSystems released Cobalt Strike 4.4, which contains a fix for CVE-2021-36798.
Source⚠️ https://labs.sentinelone.com/hotcobalt-new-cobalt-strike-dos-vulnerability-that-lets-you-halt-operations/
User
 misc (UID 3)
Submission08/04/2021 19:14 (5 years ago)
Moderation08/04/2021 19:57 (43 minutes later)
StatusAccepted
VulDB entry180073 [HelpSystems Cobalt Strike Server 4.2/4.3 Screenshot readCountedBytes Hotcobalt denial of service]
Points20

Do you want to use VulDB in your project?

Use the official API to access entries easily!