CVE-2021-3579

Published: Oct 28, 2021Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

Incorrect Default Permissions vulnerability in the bdservicehost.exe and Vulnerability.Scan.exe components as used in Bitdefender Endpoint Security Tools for Windows, Total Security allows a local attacker to elevate privileges to NT AUTHORITY\SYSTEM This issue affects: Bitdefender Endpoint Security Tools for Windows versions prior to 7.2.1.65. Bitdefender Total Security versions prior to 7.2.1.65.

Affected (2)

Products: Bitdefender: Endpoint Security Tools, Total Security

2 products

Endpoint Security Tools

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Bitdefender Endpoint Security Tools	Before 7.2.1.65
Bitdefender Total Security	Before 7.2.1.65

Related CWEs

Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

References (4)

https://www.bitdefender.com/support/security-advisories/incorrect-default-permissions-vulnerability-in-bdservicehost-exe-and-vulnerability-scan-exe-va-9848/

Source: cve-requests@bitdefender.com

Vendor Advisory

https://www.zerodayinitiative.com/advisories/ZDI-21-1277/

Source: cve-requests@bitdefender.com

Third Party AdvisoryVDB Entry

https://www.bitdefender.com/support/security-advisories/incorrect-default-permissions-vulnerability-in-bdservicehost-exe-and-vulnerability-scan-exe-va-9848/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://www.zerodayinitiative.com/advisories/ZDI-21-1277/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

Timeline

No history available yet.