Bitdefender · Bitdefender Endpoint Security Tools For Linux · CVE-2021-3485
Name of the Vulnerable Software and Affected Versions:
Bitdefender Endpoint Security Tools for Linux versions prior to 6.2.21.155
Description:
An Improper Input Validation issue in the Product Update feature of Bitdefender Endpoint Security Tools for Linux allows a man-in-the-middle attacker to abuse the `DownloadFile` function to achieve remote code execution.
Recommendations:
Update Bitdefender Endpoint Security Tools for Linux to version 6.2.21.155 or later to resolve the issue. As a temporary workaround, consider restricting access to the Product Update feature until the patch is applied.