CVE-2021-47764
BaseFortify
Publication date: 2026-01-15
Last updated on: 2026-01-15
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| celestialsoftware | absolute_telnet | 11.24 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-787 | The product writes data past the end, or before the beginning, of the intended buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in AbsoluteTelnet 11.24 is a denial of service (DoS) issue where local attackers can crash the application by inputting a specially crafted 1000-character payload into specific fields, namely the DialUp connection's phone field and the license name field. When these fields receive this large input, the application crashes and terminates unexpectedly. [2]
How can this vulnerability impact me? :
The impact of this vulnerability is that an attacker with local access can cause AbsoluteTelnet 11.24 to crash, resulting in a denial of service. This means the application becomes unresponsive and terminates unexpectedly, potentially disrupting workflows or administrative tasks that rely on this software. [2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by attempting to reproduce the denial of service condition locally on the system running AbsoluteTelnet 11.24. One method is to create a text file containing 1000 'A' characters (e.g., using a Python script) and then paste this payload into the 'DialUp -> phone' field in a new connection file or into the 'license name' field followed by clicking the 'Send Error Report' button. If the application crashes or becomes unresponsive, the vulnerability is present. A sample Python command to generate the payload is: python -c "print('A'*1000)". Then paste the output into the specified fields in AbsoluteTelnet. [2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include avoiding pasting or entering excessively long strings (such as 1000-character payloads) into the 'DialUp -> phone' and 'license name' fields in AbsoluteTelnet 11.24. Restrict local user access to the application to trusted users only, as the vulnerability requires local attacker access. Additionally, monitor for application crashes and consider disabling or limiting features that accept user input in these fields until a patch or update is available. [2]