Kenna Security is now part of Cisco

|Learn more
Contact Us
Talk to an Expert
Request a demo

March Vuln of the Month: CVE-2021-24094

Mar 10, 2021
Jerry Gamblin
Director of Security Research at Kenna Security

Share with Your Network

It’s Exploit Wednesday, and that means we’re publishing the second entry in our new Vuln of the Month blog series. If you missed last month’s debut, this series spotlights a named CVE that may not already be on your radar screen, but probably should be.

This month’s vuln: CVE-2021-24094

Kenna Security’s research team is closely tracking CVE-2021-24094, a Remote Code Execution vulnerability in the default TCP/IP stack on all supported Microsoft operating systems. This vuln is an up-and-comer: No proof of concept exploit code is known to exist yet, and we haven’t seen any indications of it actively being exploited. But there are plenty of reasons this one is worth watching. 

Our research shows that CVE-2021-24094 meets many of the criteria we look for to be widely exploited. We’ve listed these criteria by their significance in assessing the risk that it will be weaponized:

  • Access complexity: Low
  • Potential attack surface: > 1 billion
  • Exploitable remotely: Yes
  • Authentication/privilege requirements: None
  • Potential impact on availability: Complete
  • Exploit code published: No
  • Active exploits observed: No

CVE-2021-24094 distribution, As the above graph illustrates, only 3.23% of observed vulnerabilities pose a larger risk than CVE-2021-24094.

As the above graph illustrates, only 3.23% of observed vulnerabilities pose a larger risk than CVE-2021-24094.

Why CVE-2021-24094 matters

With a broad attack surface–it’s a Windows vuln affecting all IPv6 deployments, after all–CVE-2021-24094 is one of a trio of TCP/IP stack vulnerabilities that Microsoft closed last month. (The others are CVE-2021-24086 and CVE-2021-24074.)

One reason we chose this vuln is, quite simply, there is a strong chance that bad actors will release functional exploits targeting it. In fact, in Microsoft’s own exploitability assessment, it characterizes CVE-2021-24094 as “exploitation more likely,” a ranking that may not sound ominous on its face, but in fact is just one notch below “exploit detected.” 

CVE-2021-24094 currently has a Kenna Risk Score of 59, which places it in the top 96th percentile of all known vulns in terms of relative risk. There is much to warrant this rating. An exploit of this vulnerability requires no special user authorization, and a successful attack could shut down a network even after the attack itself is over, with low levels of attack complexity indicating that an attacker can look forward to “repeated success.” No interaction with users is required to execute an attack, and a remote attack can be achieved at the protocol level one or two hops away from the target network via multiple routers.

 

It’s also worth noting that while Microsoft released information on CVE-2021-24094 on Feb. 9, the NVD page associated with this vuln was still pending on March 1  That means anyone relying on NVD for vulnerability information until March 2 would have been met with a large, unhelpful blind spot.

Bottom line

The high risk score associated with this vuln suggests that this vulnerability should be patched on every supported version of Windows.

Mitigation status

Microsoft published security updates to address CVE-2021-24094 on Patch Tuesday, Feb. 9, 2021. Microsoft’s advisory site also lists specific mitigations and workarounds.

Watch this space for future Vuln of the Month spotlights. Meanwhile, if you find yourself chasing new and emerging vulns but never quite catching up, learn more about how Kenna Security can help you focus on your highest-risk vulnerabilities, rather than headlines, thanks in part to our real-time vulnerability intelligence powered by machine learning. 

Read the Latest Content

Trending Vulns

Introducing Kenna’s Vuln of the Month Series

Our research shows that CVE-2021-1647 meets the criteria we look for to be exploited and that it has the potential for widespread impact.
READ MORE
Trending Vulns

Are We Patching CVE-2020-0688 (the Microsoft Exchange RCE) Fast Enough?

Understand how remediation teams were doing against cve-2020-0688. Get tips now on how to deal with CVE 2020 0688.
READ MORE
Threat Intelligence

18+ Threat Intel Feeds Power Modern Vulnerability Management

You need lots of threat intelligence feeds to cover all of the threat and vulnerability data categories in the world. Learn about the threat intel feeds...
READ MORE
FacebookLinkedInTwitterYouTube

© 2022 Kenna Security. All Rights Reserved. Privacy Policy.