CVE-2021-24086

Description from NVD

Windows TCP/IP Denial of Service Vulnerability

Information Acquisition Date:2021-04-27T11:06Z
CVSS 2.0: 5.0 MEDIUM CVSS 3.x: 7.5 HIGH

▼ CVSS3 Vec CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

▼ CVSS2 Vec AV:N/AC:L/Au:N/C:N/I:N/A:P

NVD References

 N/A
     source:N/A
     tags:Patch    Vendor Advisory    

This vulnerability may involve a PoC.

Description from Forti

Microsoft: Windows TCP/IP Denial of Service Vulnerability

This indicates an attack attempt to exploit a Denial of Service Vulnerability in Microsoft Windows.This vulnerability is due insufficient handling of maliciously crafted packets. Successful exploitation can result in a denial of service condition on the victim machine.

Information Acquisition Date:2021/03/01

Affected Products

Windows 10 Version 1803 for 32-bit Systems
Windows 10 Version 1803 for x64-based Systems
Windows 10 Version 1803 for ARM64-based Systems
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for ARM64-based Systems
Windows Server 2019
Windows Server 2019 (Server Core installation)
Windows 10 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 1607 for x64-based Systems
Windows Server 2016
Windows Server 2016 (Server Core installation)
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems Service Pack 1
Windows 8.1 for 32-bit systems
Windows 8.1 for x64-based systems
Windows RT 8.1
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2012
Windows Server 2012 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 R2 (Server Core installation)
Windows 10 Version 1909 for 32-bit Systems
Windows 10 Version 1909 for x64-based Systems
Windows 10 Version 1909 for ARM64-based Systems
Windows Server, version 1909 (Server Core installation)
Windows 10 Version 2004 for 32-bit Systems
Windows 10 Version 2004 for ARM64-based Systems
Windows 10 Version 2004 for x64-based Systems
Windows Server, version 2004 (Server Core installation)
Windows 10 Version 20H2 for x64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for ARM64-based Systems
Windows Server, version 20H2 (Server Core Installation)

Impact

Denial of Service: Remote attackers can crash vulnerable systems.

Recommended Actions

Apply the most recent upgrade or patch from the vendor.
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-24086

References

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-24086

Refer to Information on External Sites

CVE InfomationExploits or more Infomation
mitreEXPLOIT DATABASE
NVD0day.today
vulmon.comgithub
CVE DetailsTwitter
JVN ENG JPN
Reconshell

Software Tag:

List of frequently cited URLs

URLNum of Times Referred to
https://alerts.vulmon.com/?utm_source=twitter&utm_medium=so...258
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2...126
https://msrc-blog.microsoft.com/2021/02/09/multiple-securit...5
https://github.com/0vercl0k/CVE-2021-240864
https://unit42.paloaltonetworks.com/cve-2021-24074-patch-tu...4
https://twitter.com/blueteamsec1/status/13592754049056972813
https://doar-e.github.io/blog/2021/04/15/reverse-engineerin...3
https://blog.quarkslab.com/analysis-of-a-windows-ipv6-fragm...3
https://packetstormsecurity.com/files/163499/CVE-2021-24086...3
https://www.bleepingcomputer.com/news/security/microsoft-ur...3

Information from Twitter

User URL Info Source Date
WolfgangSesin http://www.sesin.at Source WolfgangSesin    1625272583682682880 2023/02/14
WolfgangSesin https://www.sesin.at/2023/02/14/multiple-security-updates-a... Source WolfgangSesin    1625272583682682880 2023/02/14
www_sesin_at http://www.sesin.at Source www_sesin_at     1625272588439093249 2023/02/14
www_sesin_at https://www.sesin.at/2023/02/14/multiple-security-updates-a... Source www_sesin_at     1625272588439093249 2023/02/14

List of frequently cited URLs

URLNum of Times Referred to
alerts.vulmon.com258
msrc.microsoft.com126
msrc-blog.microsoft.com5
github.com4
unit42.paloaltonetworks.com4
twitter.com3
doar-e.github.io3
blog.quarkslab.com3
packetstormsecurity.com3
www.bleepingcomputer.com3

Information from Twitter

User URL Info Source
WolfgangSesin sesin.at Show Tweet
WolfgangSesin sesin.at Show Tweet
www_sesin_at sesin.at Show Tweet
www_sesin_at sesin.at Show Tweet
GitHub Search Results: Up to 10
NameURL
0vercl0k/CVE-2021-24086 https://github.com/0vercl0k/CVE-2021-24086
xuejilinhan/CVE-2021-24086 https://github.com/xuejilinhan/CVE-2021-24086
GitHub Search Results: Up to 10
NameURL
0vercl0k/CVE-2021-24086 github.com
xuejilinhan/CVE-2021-24086 github.com
2023/02/14 Score : 0
Added Har-sia Database : 2021/02/10
Last Modified : 2023/02/14
Highest Scored Date : 2021/02/10
Highest Score : 69