CVE-2021-3552
Insufficient validation on regular expression in EPPUpdateService config file (VA-9825)
Severity Score
7.5
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
A Server-Side Request Forgery (SSRF) vulnerability in the EPPUpdateService component of Bitdefender Endpoint Security Tools allows an attacker to proxy requests to the relay server. This issue affects: Bitdefender Endpoint Security Tools versions prior to 6.6.27.390; versions prior to 7.1.2.33. Bitdefender GravityZone 6.24.1-1.
Una vulnerabilidad de tipo Server-Side Request Forgery (SSRF) en el componente EPPUpdateService de Bitdefender Endpoint Security Tools permite a un atacante enviar peticiones al servidor de retransmisión. Este problema afecta a: Las versiones de Bitdefender Endpoint Security Tools anteriores a 6.6.27.390; las versiones anteriores a 7.1.2.33. Bitdefender GravityZone 6.24.1-1
*Credits:
Nicolas VERDIER, Cybersecurity Consultant at TEHTRIS
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2021-05-17 CVE Reserved
- 2021-11-24 CVE Published
- 2024-02-19 EPSS Updated
- 2024-09-16 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-918: Server-Side Request Forgery (SSRF)
CAPEC
References (1)
| URL | Tag | Source |
|---|---|---|
| https://www.bitdefender.com/support/security-advisories/insufficient-validation-regular-expression-eppupdateservice-config-file-va-9825 | Broken Link |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Bitdefender Search vendor "Bitdefender" | Endpoint Security Tools Search vendor "Bitdefender" for product "Endpoint Security Tools" | < 6.2.21.160 Search vendor "Bitdefender" for product "Endpoint Security Tools" and version " < 6.2.21.160" | - |
Affected
| ||||||
| Bitdefender Search vendor "Bitdefender" | Endpoint Security Tools Search vendor "Bitdefender" for product "Endpoint Security Tools" | >= 6.6.27.0 < 6.6.27.390 Search vendor "Bitdefender" for product "Endpoint Security Tools" and version " >= 6.6.27.0 < 6.6.27.390" | - |
Affected
| ||||||
| Bitdefender Search vendor "Bitdefender" | Endpoint Security Tools Search vendor "Bitdefender" for product "Endpoint Security Tools" | >= 7.0.0.00 < 7.1.2.33 Search vendor "Bitdefender" for product "Endpoint Security Tools" and version " >= 7.0.0.00 < 7.1.2.33" | - |
Affected
| ||||||
| Bitdefender Search vendor "Bitdefender" | Gravityzone Search vendor "Bitdefender" for product "Gravityzone" | 6.24.1-1 Search vendor "Bitdefender" for product "Gravityzone" and version "6.24.1-1" | - |
Affected
| ||||||