Lucene search

[email protected]CVE-2021-4199

HistoryMar 07, 2022 - 12:15 p.m.

CVE-2021-4199

2022-03-0712:15:08

CWE-732

[email protected]

web.nvd.nist.gov

cve-2021-4199

vulnerability

bitdefender

total security

internet security

antivirus plus

endpoint security

windows

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.6 High

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

75.7%

JSON

Incorrect Permission Assignment for Critical Resource vulnerability in the crash handling component BDReinit.exe as used in Bitdefender Total Security, Internet Security, Antivirus Plus, Endpoint Security Tools for Windows allows a remote attacker to escalate local privileges to SYSTEM. This issue affects: Bitdefender Total Security versions prior to 26.0.10.45. Bitdefender Internet Security versions prior to 26.0.10.45. Bitdefender Antivirus Plus versions prior to 26.0.10.45. Bitdefender Endpoint Security Tools for Windows versions prior to 7.4.3.146.

Affected configurations

NVD

Node

bitdefenderantivirus_plusRange<26.0.3.29

bitdefenderendpoint_security_toolsRange<7.4.3.146windows

bitdefenderinternet_securityRange<26.0.3.29

bitdefendertotal_securityRange<26.0.3.29

CPENameOperatorVersion
bitdefender:antivirus_plusbitdefender antivirus pluslt26.0.3.29
bitdefender:endpoint_security_toolsbitdefender endpoint security toolslt7.4.3.146
bitdefender:internet_securitybitdefender internet securitylt26.0.3.29
bitdefender:total_securitybitdefender total securitylt26.0.3.29

CPE	Name	Operator	Version
bitdefender:antivirus_plus	bitdefender antivirus plus	lt	26.0.3.29
bitdefender:endpoint_security_tools	bitdefender endpoint security tools	lt	7.4.3.146
bitdefender:internet_security	bitdefender internet security	lt	26.0.3.29
bitdefender:total_security	bitdefender total security	lt	26.0.3.29

CNA Affected

[
  {
    "product": "Total Security",
    "vendor": "Bitdefender",
    "versions": [
      {
        "lessThan": "26.0.10.45",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "Internet Security",
    "vendor": "Bitdefender",
    "versions": [
      {
        "lessThan": "26.0.10.45",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "Antivirus Plus",
    "vendor": "Bitdefender",
    "versions": [
      {
        "lessThan": "26.0.10.45",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "Endpoint Security Tools for Windows",
    "vendor": "Bitdefender",
    "versions": [
      {
        "lessThan": "7.4.3.140",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

www.bitdefender.com/support/security-advisories/incorrect-permission-assignment-for-critical-resource-vulnerability-in-bdreinit-exe-va-10017/

www.zerodayinitiative.com/advisories/ZDI-22-484/

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.6 High

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

75.7%

JSON

Related for CVE-2021-4199

zdi1 prion1 cvelist1 nvd1