May 14, 2021

HTTP Protocol Stack Remote Code Execution Vulnerability

CVE-2021-31166 is an RCE vulnerability that a remote, unauthenticated attacker can exploit by sending a crafted HTTP packet to a system using the HTTP Protocol Stack (http.sys). The vulnerability is considered wormable, meaning that a single infection could set off a chain reaction of impacted systems across an enterprise without any user interaction.

Here is the current prediction for this vulnerability from Kenna.VI.


[ CVE Description ]
 [*] CVE_ID : CVE-2021-31166
 [_] Desc   : HTTP Protocol Stack Remote Code Execution Vulnerability

 [_] C:2021-04-14 / P:2021-05-11 / L:2021-05-11
 [*] Vuln Risk           : 59.3261
 [*] Exploited [trend]   : 0 [holding] [RCE] [Pre_NVD]
 [_] Exploit/likehood    : False/8.2597% confidence

 [*] Malware sample : 0
 [*] Exploits/POC   : [0]
 [_] Fixes          : [3]
 [_] Threat Actors  : [0]
 [_] CVSS2 / CVSS3  : [ 10.0 / 9.8 ]

 [_] Vuln Products  : [0]

[ CVE Malware Family Info : None ]

[ CVE Chatter Info : 11 ]

[ CVE History : CVE-2021-31166 ]
 [*] ID              : 3652630
 [*] Vuln Risk Score : 59
 [*] History         : 2

   [**] changed_at : 2021-05-12T04:06:53.000Z
   [**]       from : 25
   [**]         to : 56

   [**] changed_at : 2021-05-13T05:08:24.000Z
   [**]       from : 56
   [**]         to : 59

[ High_Profile_Vulnerability ]
 [!!!]   CVE-2021-31166 (59.3261) : []


 ** [5] threads completed [4 tasks] / [7.14 KB] within [4.98 sec].