Vulnerability Name: | CVE-2021-3576 (CCN-212393) | ||||||||||||
Assigned: | 2021-10-28 | ||||||||||||
Published: | 2021-10-28 | ||||||||||||
Updated: | 2022-04-25 | ||||||||||||
Summary: | Execution with Unnecessary Privileges vulnerability in Bitdefender Endpoint Security Tools, Total Security allows a local attacker to elevate to 'NT AUTHORITY\System. Impersonation enables the server thread to perform actions on behalf of the client but within the limits of the client's security context. This issue affects: Bitdefender Endpoint Security Tools versions prior to 7.2.1.65. Bitdefender Total Security versions prior to 25.0.26. | ||||||||||||
CVSS v3 Severity: | 7.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) 6.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
6.8 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
| ||||||||||||
CVSS v2 Severity: | 7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
| ||||||||||||
Vulnerability Type: | CWE-269 | ||||||||||||
Vulnerability Consequences: | Gain Privileges | ||||||||||||
References: | Source: MITRE Type: CNA CVE-2021-3576 Source: XF Type: UNKNOWN bitdefender-cve20213576-priv-esc(212393) Source: CCN Type: Bitdefender VA-9848 Privilege escalation via SeImpersonatePrivilege in Bitdefender Endpoint Security Tools Source: MISC Type: Vendor Advisory https://www.bitdefender.com/support/security-advisories/privilege-escalation-via-seimpersonateprivilege-in-bitdefender-endpoint-security-tools-va-9848/ Source: CCN Type: ZDI-21-1276 (0Day) Bitdefender Total Security Unnecessary Privileges Local Privilege Escalation Vulnerability Source: MISC Type: Third Party Advisory, VDB Entry https://www.zerodayinitiative.com/advisories/ZDI-21-1276/ Source: CCN Type: ZDI-21-1376 Bitdefender GravityZone Unnecessary Privileges Local Privilege Escalation Vulnerability Source: MISC Type: Third Party Advisory, VDB Entry https://www.zerodayinitiative.com/advisories/ZDI-21-1376/ | ||||||||||||
Vulnerable Configuration: | Configuration 1: Denotes that component is vulnerable | ||||||||||||
BACK |