PT-2021-20696 · Bitdefender · Bitdefender Endpoint Security Tools For Linux
Ralf Almon · Published 2021-05-24 · Updated 2024-09-16 · CVE-2021-3485
CVSS v3.1: 6.6 (Medium)
| Vector | AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions:
Bitdefender Endpoint Security Tools for Linux versions prior to 6.2.21.155
Description:
An Improper Input Validation issue in the Product Update feature of Bitdefender Endpoint Security Tools for Linux allows a man-in-the-middle attacker to abuse the DownloadFile function to achieve remote code execution.
Recommendations:
For Bitdefender Endpoint Security Tools for Linux versions prior to 6.2.21.155, update to version 6.2.21.155 or later to resolve the issue. As a temporary workaround, consider restricting access to the Product Update feature until a patch is applied.
Exploit
Fix
Weakness Enumeration
Related Identifiers
Affected Products
Bitdefender Endpoint Security Tools For Linux