CVE-2021-3485
Improper Input Validation in Bitdefender Endpoint Security Tools for Linux
Public Exploits: 1
Exploited in Wild: -
Descriptions
An Improper Input Validation vulnerability in the Product Update feature of Bitdefender Endpoint Security Tools for Linux allows a man-in-the-middle attacker to abuse the DownloadFile function of the Product Update to achieve remote code execution. This issue affects: Bitdefender Endpoint Security Tools for Linux versions prior to 6.2.21.155.
SSVC
- Decision: -
Timeline
- 2021-04-07 CVE Reserved
- 2021-05-24 CVE Published
- 2024-09-16 CVE Updated
- 2024-09-16 First Exploit
- 2024-09-26 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-494: Download of Code Without Integrity Check
References (2)
URL | Date | SRC |
---|---|---|
https://herolab.usd.de/security-advisories/usd-2021-0014 | 2024-09-16 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Bitdefender | Endpoint Security Tools | < 6.2.21.155 | linux | Affected |