CVE-2021-42973 : Security Advisory and Response
Learn about CVE-2021-42973 affecting NoMachine Server, allowing local attackers to execute arbitrary code or cause denial of service. Find out the impact, technical details, and mitigation steps.
NoMachine Server is affected by an Integer Overflow vulnerability that allows local attackers to execute arbitrary code in kernel mode or cause denial of service.
Understanding CVE-2021-42973
NoMachine Server version above 4.0.346 and below 7.7.4 is susceptible to exploitation.
What is CVE-2021-42973?
An Integer Overflow vulnerability in the IOCTL Handler 0x22001B of NoMachine Server enables attackers to trigger memory corruption and OS crashes through specially crafted I/O Request Packets.
The Impact of CVE-2021-42973
- Local attackers can execute arbitrary code in kernel mode
- Risk of denial of service (DoS) due to memory corruption and OS crashes
Technical Details of CVE-2021-42973
The technical specifics of this CVE vulnerability are as follows:
Vulnerability Description
NoMachine Server is prone to an Integer Overflow vulnerability affecting the IOCTL Handler 0x22001B.
Affected Systems and Versions
- Product: NoMachine Server
- Versions: Above 4.0.346 and below 7.7.4
Exploitation Mechanism
The vulnerability can be exploited by local attackers using specially crafted I/O Request Packets.
Mitigation and Prevention
To mitigate the risks associated with CVE-2021-42973, consider the following steps:
Immediate Steps to Take
- Apply security patches promptly
- Monitor system logs for any unusual activities
Long-Term Security Practices
- Implement the principle of least privilege
- Enforce strong password policies
Patching and Updates
Keep NoMachine Server up to date with the latest security patches to address this vulnerability.