PT-2021-5594 · Bitdefender · Bitdefender Total Security

Izobashi +2 · Published 2021-06-25 · Updated 2022-04-25 · CVE-2021-3576

CVSS v3.1: 7.8 High

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Bitdefender Endpoint Security Tools versions prior to 7.2.1.65
Bitdefender Total Security versions prior to 25.0.26

Description

The issue allows a local attacker to elevate to 'NT AUTHORITY\System'. Impersonation enables the server thread to perform actions on behalf of the client but within the limits of the client's security context. This is related to errors in access control and unnecessary privileges in Bitdefender Endpoint Security Tools and Bitdefender Total Security.

Recommendations

For Bitdefender Endpoint Security Tools versions prior to 7.2.1.65, update to version 7.2.1.65 or later. For Bitdefender Total Security versions prior to 25.0.26, update to version 25.0.26 or later. As a temporary workaround, consider restricting access to sensitive resources to minimize the risk of exploitation.

Fix

Improper Privilege Management

Weakness Enumeration

Related Identifiers

BDU:2022-00028
CVE-2021-3576
ZDI-21-1270
ZDI-21-1271
ZDI-21-1376

Affected Products

Bitdefender Endpoint Security Tools
Bitdefender Total Security