CVE-2021-47764

5.5 MEDIUM

📋 TL;DR

AbsoluteTelnet 11.24 contains a local denial-of-service vulnerability where attackers can crash the application by pasting specially crafted 1000-character payloads into DialUp connection and license name fields. This affects users running AbsoluteTelnet 11.24 on Windows systems where local access is available.

💻 Affected Systems

Products:
  • AbsoluteTelnet
Versions: 11.24
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems where AbsoluteTelnet is installed and local users have access to the application interface.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Persistent application crashes disrupting legitimate users' terminal sessions and workflow, potentially causing data loss in unsaved sessions.

🟠 Likely Case

Temporary disruption of telnet/SSH sessions requiring application restart, causing minor productivity impact.

🟢 If Mitigated

No impact if application is patched or workarounds are implemented to restrict local access.

🌐 Internet-Facing: LOW - Requires local access to the system, not directly exploitable over network.
🏢 Internal Only: MEDIUM - Local attackers or malicious insiders could disrupt legitimate users' terminal sessions.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploit requires local access to paste payload into specific fields. Proof of concept available in exploit database.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 11.25 or later

Vendor Advisory: https://www.celestialsoftware.net/

Restart Required: Yes

Instructions:

1. Download latest version from vendor website.
2. Run installer.
3. Restart system or at least the AbsoluteTelnet application.

🔧 Temporary Workarounds

Restrict Local Access (Windows)

Limit which users can run AbsoluteTelnet or access the system where it's installed.

Input Validation Script (Windows)

Implement a script to monitor and block excessive input in the vulnerable fields.

🧯 If You Can't Patch

  • Restrict application to trusted users only via Windows permissions.
  • Monitor for application crashes and investigate source systems.

🔍 How to Verify

Check if Vulnerable:

Check AbsoluteTelnet version in Help > About. If version is 11.24, system is vulnerable.

Check Version:

Not applicable - check via application GUI Help > About

Verify Fix Applied:

Verify version is 11.25 or later in Help > About menu.

📡 Detection & Monitoring

Log Indicators:

  • Application crash logs in Windows Event Viewer
  • Unexpected AbsoluteTelnet process termination

Network Indicators:

  • None - local exploit only

SIEM Query:

EventID=1000 AND ProcessName="AbsoluteTelnet.exe" AND ExceptionCode=0xC0000005
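
The same hunt can be run directly on a Windows host. The PowerShell below is an added example, not vendor or advisory code: it takes the process name and exception code from the SIEM query above, and assumes the standard "Application Error" Event ID 1000 field order and a 7-day lookback.

```powershell
# Added example: find AbsoluteTelnet access-violation crashes in the local
# Application log. Process name and exception code come from the SIEM query
# on this page; the lookback window is an assumption.
$ProcessName   = 'AbsoluteTelnet.exe'
$ExceptionCode = 'c0000005'
$LookbackDays  = 7

$filter = @{
    LogName      = 'Application'
    ProviderName = 'Application Error'
    Id           = 1000
    StartTime    = (Get-Date).AddDays(-$LookbackDays)
}

# Event 1000 properties (standard layout): [0] application name,
# [1] application version, [3] faulting module, [6] exception code.
$crashes = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    Where-Object {
        $_.Properties.Count -ge 7 -and
        $_.Properties[0].Value -ieq $ProcessName -and
        (([string]$_.Properties[6].Value) -replace '^0x', '') -ieq $ExceptionCode
    } |
    ForEach-Object {
        [pscustomobject]@{
            TimeCreated   = $_.TimeCreated
            Computer      = $_.MachineName
            AppVersion    = $_.Properties[1].Value
            FaultModule   = $_.Properties[3].Value
            ExceptionCode = $_.Properties[6].Value
        }
    }

if (-not $crashes) {
    Write-Output "No $ProcessName crashes with code 0x$ExceptionCode in the last $LookbackDays days."
} else {
    # Individual crash records, newest first.
    $crashes | Sort-Object TimeCreated -Descending | Format-Table -AutoSize

    # Repeated crashes on one host are worth investigating as deliberate disruption.
    $crashes | Group-Object Computer |
        Select-Object Name, Count |
        Sort-Object Count -Descending |
        Format-Table -AutoSize
}
```

Compare the reported AppVersion against Help > About to confirm whether the crashing hosts are still on 11.24.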
