CVE-2021-3579

Incorrect Default Permissions vulnerability in the bdservicehost.exe and Vulnerability.Scan.exe components as used in Bitdefender Endpoint Security Tools for Windows, Total Security allows a local attacker to elevate privileges to NT AUTHORITY\SYSTEM This issue affects: Bitdefender Endpoint Security Tools for Windows versions prior to 7.2.1.65. Bitdefender Total Security versions prior to 7.2.1.65.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:bitdefender:endpoint_security_tools:*:*:*:*:*:windows:*:*
cpe:2.3:a:bitdefender:total_security:*:*:*:*:*:*:*:*

History

21 Nov 2024, 06:21

Type Values Removed Values Added
References () https://www.bitdefender.com/support/security-advisories/incorrect-default-permissions-vulnerability-in-bdservicehost-exe-and-vulnerability-scan-exe-va-9848/ - Vendor Advisory () https://www.bitdefender.com/support/security-advisories/incorrect-default-permissions-vulnerability-in-bdservicehost-exe-and-vulnerability-scan-exe-va-9848/ - Vendor Advisory
References () https://www.zerodayinitiative.com/advisories/ZDI-21-1277/ - Third Party Advisory, VDB Entry () https://www.zerodayinitiative.com/advisories/ZDI-21-1277/ - Third Party Advisory, VDB Entry

28 Nov 2021, 23:24

Type Values Removed Values Added
References (MISC) https://www.zerodayinitiative.com/advisories/ZDI-21-1277/ - (MISC) https://www.zerodayinitiative.com/advisories/ZDI-21-1277/ - Third Party Advisory, VDB Entry

17 Nov 2021, 22:19

Type Values Removed Values Added
References
  • (MISC) https://www.zerodayinitiative.com/advisories/ZDI-21-1277/ -

10 Nov 2021, 01:19

Type Values Removed Values Added
References
  • {'url': 'https://www.zerodayinitiative.com/advisories/ZDI-21-1277/', 'name': 'https://www.zerodayinitiative.com/advisories/ZDI-21-1277/', 'tags': ['Third Party Advisory'], 'refsource': 'MISC'}

03 Nov 2021, 17:57

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : 4.6
v3 : 7.8
References (MISC) https://www.bitdefender.com/support/security-advisories/incorrect-default-permissions-vulnerability-in-bdservicehost-exe-and-vulnerability-scan-exe-va-9848/ - (MISC) https://www.bitdefender.com/support/security-advisories/incorrect-default-permissions-vulnerability-in-bdservicehost-exe-and-vulnerability-scan-exe-va-9848/ - Vendor Advisory
References (MISC) https://www.zerodayinitiative.com/advisories/ZDI-21-1277/ - (MISC) https://www.zerodayinitiative.com/advisories/ZDI-21-1277/ - Third Party Advisory
CWE CWE-276
CPE cpe:2.3:a:bitdefender:endpoint_security_tools:*:*:*:*:*:windows:*:*
cpe:2.3:a:bitdefender:total_security:*:*:*:*:*:*:*:*

03 Nov 2021, 10:15

Type Values Removed Values Added
References
  • (MISC) https://www.zerodayinitiative.com/advisories/ZDI-21-1277/ -

28 Oct 2021, 14:26

Type Values Removed Values Added
New CVE

Information

Published : 2021-10-28 14:15

Updated : 2024-11-21 06:21


NVD link : CVE-2021-3579

Mitre link : CVE-2021-3579

CVE.ORG link : CVE-2021-3579


JSON object : View

Products Affected

bitdefender

  • total_security
  • endpoint_security_tools
CWE
CWE-276

Incorrect Default Permissions