VDB
CVE-2021-42977
CVE-2021-42977
PUBLISHED
CVSS 8.800000190734863 HIGH
NoMachine Enterprise Desktop is affected by Integer Overflow. IOCTL Handler 0x22001B in the NoMachine Enterprise Desktop above 4.0.346 and below 7.7.4 allow local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via specially crafted I/O Request Packet.
EPSS 0.16% · 36.6th percentile
Risk Scores
CVSS 3.1
8.800000190734863
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
EPSS Score
0.16%
36.6th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | * |
| nomachine | enterprise_desktop | 4.0.346 |
Timeline
- Dec 7, 2021 CVE Published
- Dec 8, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 1, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 21, 2022 EPSS Score
- Jul 15, 2022 EPSS Score
- Sep 8, 2022 EPSS Score
- Nov 2, 2022 EPSS Score
- Dec 26, 2022 EPSS Score
- Feb 19, 2023 EPSS Score
References
- https://www.sentinelone.com/labs/usb-over-ethernet-multiple-privilege-escalation-vulnerabilities-in-aws-and-other-major-cloud-services/ url
- https://nvd.nist.gov/vuln/detail/CVE-2021-42977 advisory
- https://www.sentinelone.com/labs/usb-over-ethernet-multiple-privilege-escalation-vulnerabilities-in-aws-and-other-major-cloud-services url