Improper Input Validation in Bitdefender Endpoint Security Tools for Linux
CVE-2021-3485

6.6MEDIUM

Key Information:

Vendor: Bitdefender
Status: Endpoint Security Tools For Linux
Vendor: CVE Published:; 24 May 2021

🔔 Create Bitdefender Vulnerability Alert

What is CVE-2021-3485?

An Improper Input Validation vulnerability in the Product Update feature of Bitdefender Endpoint Security Tools for Linux allows a man-in-the-middle attacker to abuse the DownloadFile function of the Product Update to achieve remote code execution. This issue affects: Bitdefender Endpoint Security Tools for Linux versions prior to 6.2.21.155.

Affected Version(s)

Endpoint Security Tools for Linux < 6.2.21.155

References

https://www.bitdefender.com/support/security-advisories/i...

x_refsource_MISC

https://herolab.usd.de/security-advisories/usd-2021-0014/

x_refsource_MISC

CVSS V3.1

Score:

6.6

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 24, 2021
Vulnerability Reserved
Apr 7, 2021