PT-2021-5048 · Bitdefender · Bitdefender Total Security+1

Izobashi

Published

2021-06-04

Updated

2021-11-28

CVE-2021-3579

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Bitdefender Endpoint Security Tools for Windows versions prior to 7.2.1.65 Bitdefender Total Security versions prior to 7.2.1.65

Description The issue is related to incorrect default permissions in the bdservicehost.exe and Vulnerability.Scan.exe components. This allows a local attacker to elevate privileges to NT AUTHORITYSYSTEM.

Recommendations For Bitdefender Endpoint Security Tools for Windows versions prior to 7.2.1.65, update to version 7.2.1.65 or later. For Bitdefender Total Security versions prior to 7.2.1.65, update to version 7.2.1.65 or later. As a temporary workaround, consider restricting access to the bdservicehost.exe and Vulnerability.Scan.exe components until a patch is applied.

Fix

Incorrect Default Permissions

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-276

Related Identifiers

BDU:2021-05818

CVE-2021-3579

ZDI-21-1272

ZDI-21-1273

ZDI-21-1276

ZDI-21-1277

Affected Products

Bitdefender Endpoint Security Tools For Windows

Bitdefender Total Security

PT-2021-5048 · Bitdefender · Bitdefender Total Security+1

CVE-2021-3579

Weakness Enumeration

Related Identifiers

Affected Products

References · 9