CVE-2021-42983

8.8 HIGH

📋 TL;DR

This vulnerability allows local attackers to execute arbitrary code with kernel privileges or cause denial of service via memory corruption in NoMachine Enterprise Client. It affects users running vulnerable versions of the client software. Attackers need local access to exploit this buffer overflow in the IOCTL handler.

💻 Affected Systems

Products:
  • NoMachine Enterprise Client
Versions: Above 4.0.346 and below 7.7.4
Operating Systems: Windows, Linux, macOS
Default Config Vulnerable: ⚠️ Yes
Notes: Affects all installations within the vulnerable version range. The vulnerability is in the client software, not the server component.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise with kernel-level code execution leading to persistent backdoors, data theft, and full control of the affected system.

🟠 Likely Case

Privilege escalation from a lower-privileged user to SYSTEM/root access, enabling lateral movement and further exploitation.

🟢 If Mitigated

Denial of service causing system crashes or instability if exploitation attempts fail or are partially successful.

🌐 Internet-Facing: LOW - Requires local access to exploit; not directly reachable over the network.
🏢 Internal Only: HIGH - Local attackers on the same system can exploit this for privilege escalation.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local access and knowledge of the vulnerable IOCTL handler. No public exploit code has been released as of available information.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 7.7.4 and later

Vendor Advisory: https://www.nomachine.com/

Restart Required: Yes

Instructions:

1. Download NoMachine Enterprise Client version 7.7.4 or later from the official website.
2. Uninstall the current vulnerable version.
3. Install the updated version.
4. Restart the system.

🔧 Temporary Workarounds

Disable NoMachine Client

Platform: Linux

Remove or disable the NoMachine Enterprise Client if not required

sudo systemctl stop nomachine
sudo systemctl disable nomachine

Restrict Local Access

Platform: All

Implement strict local access controls and user privilege separation

🧯 If You Can't Patch

  • Implement strict user privilege separation to limit potential damage from exploitation
  • Monitor systems for unusual process creation or privilege escalation attempts

🔍 How to Verify

Check if Vulnerable:

Check the NoMachine version:

  • Windows: check the installed programs list
  • Linux: run 'nxclient --version' or check the package manager
  • macOS: check About in the NoMachine menu

Check Version:

nxclient --version (Linux) or check installed programs (Windows)

Verify Fix Applied:

Confirm version is 7.7.4 or higher using the same version check methods
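
The version check above can be scripted for an inventory sweep. This is an added example, not code from the vendor or from this advisory: it classifies a version string against the range stated on this page (above 4.0.346 and below 7.7.4) using numeric, field-by-field comparison. The function names are hypothetical and the sample strings are constructed; pass in whatever version text your own check returns.

```shell
#!/bin/sh
# Added example: classify a NoMachine client version against the range this
# page gives (above 4.0.346 and below 7.7.4). Function names are hypothetical.

# Pull the first dotted numeric token (e.g. 7.6.2) out of arbitrary text, so
# the caller can pass raw tool output or a package-manager version field.
nx_extract_version() {
    printf '%s\n' "$1" | grep -Eo '[0-9]+(\.[0-9]+)+' | head -n 1
}

# Compare two dotted versions numerically, field by field.
# Prints -1, 0 or 1; missing fields count as 0 (7.7 == 7.7.0).
nx_vercmp() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "."); nb = split(b, y, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            p = (i <= na) ? x[i] + 0 : 0
            q = (i <= nb) ? y[i] + 0 : 0
            if (p < q) { print -1; exit }
            if (p > q) { print 1; exit }
        }
        print 0
    }'
}

# Echo VULNERABLE, PATCHED, OUT_OF_RANGE (at or below 4.0.346) or UNKNOWN.
nx_classify() {
    v=$(nx_extract_version "$1")
    [ -n "$v" ] || { echo UNKNOWN; return 0; }
    if [ "$(nx_vercmp "$v" 7.7.4)" -ge 0 ]; then
        echo PATCHED
    elif [ "$(nx_vercmp "$v" 4.0.346)" -gt 0 ]; then
        echo VULNERABLE
    else
        echo OUT_OF_RANGE
    fi
}

# Constructed sample inputs, not real tool output.
for s in "7.6.2" "7.7.4" "NoMachine 6.12.3" "4.0.346" "7.10.1" "n/a"; do
    printf '%-18s %s\n' "$s" "$(nx_classify "$s")"
done
```

Comparing fields as numbers matters here: a plain string comparison would rank 7.10.1 below 7.7.4 and report a patched client as vulnerable.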

📡 Detection & Monitoring

Log Indicators:

  • Unusual process creation with elevated privileges
  • System crashes or instability
  • Failed IOCTL requests to NoMachine driver

Network Indicators:

  • Local privilege escalation attempts
  • Unusual local system activity

SIEM Query:

Process creation where parent process is NoMachine client and privilege level changes
