Execution with Unnecessary Privileges vulnerability in Bitdefender Endpoint Security Tools, Total Security allows a local attacker to elevate to 'NT AUTHORITY\System. Impersonation enables the server thread to perform actions on behalf of the client but within the limits of the client's security context. This issue affects: Bitdefender Endpoint Security Tools versions prior to 7.2.1.65. Bitdefender Total Security versions prior to 25.0.26.
References
Link | Resource |
---|---|
https://www.bitdefender.com/support/security-advisories/privilege-escalation-via-seimpersonateprivilege-in-bitdefender-endpoint-security-tools-va-9848/ | Vendor Advisory |
https://www.zerodayinitiative.com/advisories/ZDI-21-1276/ | Third Party Advisory VDB Entry |
https://www.zerodayinitiative.com/advisories/ZDI-21-1376/ | Third Party Advisory VDB Entry |
https://www.bitdefender.com/support/security-advisories/privilege-escalation-via-seimpersonateprivilege-in-bitdefender-endpoint-security-tools-va-9848/ | Vendor Advisory |
https://www.zerodayinitiative.com/advisories/ZDI-21-1276/ | Third Party Advisory VDB Entry |
https://www.zerodayinitiative.com/advisories/ZDI-21-1376/ | Third Party Advisory VDB Entry |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 06:21
Type | Values Removed | Values Added |
---|---|---|
References | () https://www.bitdefender.com/support/security-advisories/privilege-escalation-via-seimpersonateprivilege-in-bitdefender-endpoint-security-tools-va-9848/ - Vendor Advisory | |
References | () https://www.zerodayinitiative.com/advisories/ZDI-21-1276/ - Third Party Advisory, VDB Entry | |
References | () https://www.zerodayinitiative.com/advisories/ZDI-21-1376/ - Third Party Advisory, VDB Entry |
15 Dec 2021, 16:05
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 7.2
v3 : 7.8 |
References | (MISC) https://www.zerodayinitiative.com/advisories/ZDI-21-1376/ - Third Party Advisory, VDB Entry |
03 Dec 2021, 16:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
28 Nov 2021, 23:24
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://www.zerodayinitiative.com/advisories/ZDI-21-1276/ - Third Party Advisory, VDB Entry |
17 Nov 2021, 22:19
Type | Values Removed | Values Added |
---|---|---|
References |
|
10 Nov 2021, 01:19
Type | Values Removed | Values Added |
---|---|---|
References |
|
03 Nov 2021, 10:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
01 Nov 2021, 20:05
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://www.bitdefender.com/support/security-advisories/privilege-escalation-via-seimpersonateprivilege-in-bitdefender-endpoint-security-tools-va-9848/ - Vendor Advisory | |
CWE | CWE-269 | |
CVSS |
v2 : v3 : |
v2 : 4.6
v3 : 7.8 |
CPE | cpe:2.3:a:bitdefender:endpoint_security_tools:*:*:*:*:*:*:*:* cpe:2.3:a:bitdefender:total_security:*:*:*:*:*:*:*:* |
28 Oct 2021, 14:26
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-10-28 14:15
Updated : 2024-11-21 06:21
NVD link : CVE-2021-3576
Mitre link : CVE-2021-3576
CVE.ORG link : CVE-2021-3576
JSON object : View
Products Affected
bitdefender
- total_security
- endpoint_security_tools