CVE-2021-42977
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
NoMachine Enterprise Desktop is affected by Integer Overflow. IOCTL Handler 0x22001B in the NoMachine Enterprise Desktop above 4.0.346 and below 7.7.4 allow local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via specially crafted I/O Request Packet.
NoMachine Enterprise Desktop está afectado por un desbordamiento de enteros. IOCTL Handler 0x22001B en NoMachine Enterprise Desktop versiones posteriores de 4.0.346 y anteriores a 7.7.4, permite a atacantes locales ejecutar código arbitrario en modo kernel o causar una denegación de servicio (corrupción de memoria y bloqueo del Sistema Operativo) por medio de un paquete de petición de E/S especialmente diseñado
CVSS Scores
SSVC
- Decision:-
Timeline
- 2021-10-25 CVE Reserved
- 2021-12-07 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-04 CVE Updated
- 2024-08-04 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-190: Integer Overflow or Wraparound
CAPEC
References (1)
URL | Tag | Source |
---|
URL | Date | SRC |
---|---|---|
https://www.sentinelone.com/labs/usb-over-ethernet-multiple-privilege-escalation-vulnerabilities-in-aws-and-other-major-cloud-services | 2024-08-04 |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Nomachine Search vendor "Nomachine" | Enterprise Desktop Search vendor "Nomachine" for product "Enterprise Desktop" | > 4.0.346 < 7.7.4 Search vendor "Nomachine" for product "Enterprise Desktop" and version " > 4.0.346 < 7.7.4" | - |
Affected
|