Vulnerability Name: | CVE-2021-3960 (CCN-215572) | ||||||||||||
Assigned: | 2021-12-16 | ||||||||||||
Published: | 2021-12-16 | ||||||||||||
Updated: | 2021-12-21 | ||||||||||||
Summary: | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in the UpdateServer component of Bitdefender GravityZone allows an attacker to execute arbitrary code on vulnerable instances. This issue affects Bitdefender GravityZone versions prior to 3.3.8.272 | ||||||||||||
CVSS v3 Severity: | 7.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) 6.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
5.4 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C)
| ||||||||||||
CVSS v2 Severity: | 4.6 Medium (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P)
| ||||||||||||
Vulnerability Type: | CWE-22 | ||||||||||||
Vulnerability Consequences: | Gain Privileges | ||||||||||||
References: | Source: MITRE Type: CNA CVE-2021-3960 Source: XF Type: UNKNOWN bitdefender-cve20213960-priv-esc(215572) Source: MISC Type: Vendor Advisory https://www.bitdefender.com/support/security-advisories/privilege-escalation-via-the-gravityzone-productmanager-updateserver-kitsmanager-api-va-10146 Source: CCN Type: Bitdefender VA-10146 Privilege Escalation via the GravityZone productManager UpdateServer.KitsManager API | ||||||||||||
Vulnerable Configuration: | Configuration 1: Denotes that component is vulnerable | ||||||||||||
BACK |