CVE-2021-3579
Incorrect Default Permissions vulnerability in bdservicehost.exe and Vulnerability.Scan.exe
Descriptions
Incorrect Default Permissions vulnerability in the bdservicehost.exe and Vulnerability.Scan.exe components as used in Bitdefender Endpoint Security Tools for Windows and Total Security allows a local attacker to elevate privileges to NT AUTHORITY\SYSTEM. This issue affects Bitdefender Endpoint Security Tools for Windows versions prior to 7.2.1.65 and Bitdefender Total Security versions prior to 7.2.1.65.
This vulnerability allows local attackers to escalate privileges on affected installations of Bitdefender Total Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
The specific flaw exists within the endpoint client. The issue results from allowing an untrusted process to impersonate the client of a pipe. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM.
Timeline
- 2021-06-03 CVE Reserved
- 2021-10-28 CVE Published
- 2023-03-08 EPSS Updated
- 2024-09-16 CVE Updated
CWE
- CWE-276: Incorrect Default Permissions
References (2)
URL | Tag | Source |
---|---|---|
https://www.zerodayinitiative.com/advisories/ZDI-21-1277 | Third Party Advisory |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Bitdefender | Endpoint Security Tools | < 7.2.1.65 | windows | Affected |
Bitdefender | Total Security | < 7.2.1.65 | - | Affected |