CVE-2021-36798

HIGH

HelpSystems Cobalt Strike - Resource Allocation Without Limits

Title source: rule

Description

A Denial-of-Service (DoS) vulnerability was discovered in Team Server in HelpSystems Cobalt Strike 4.2 and 4.3. It allows remote attackers to crash the C2 server thread and block beacons' communication with it.

Exploits (3)

nomisec WORKING POC 103 stars
by JamVayne · poc
https://github.com/JamVayne/CobaltStrikeDos
nomisec WORKING POC 37 stars
by M-Kings · poc
https://github.com/M-Kings/CVE-2021-36798
nomisec WORKING POC
by sponkmonk · poc
https://github.com/sponkmonk/CobaltSploit

References (2)

Core References
Release Notes, Vendor Advisory x_refsource_misc
https://www.cobaltstrike.com/releasenotes.txt

Scores

CVSS v3 7.5
EPSS 0.2768
EPSS Percentile 96.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE CWE-770
Status published
Products (2)
helpsystems/cobalt_strike 4.2
helpsystems/cobalt_strike 4.3
Published Aug 09, 2021
Tracked Since Feb 18, 2026