Incorrect Default Permissions vulnerability in bdservicehost.exe and Vulnerability.Scan.exe
CVE-2021-3579
7.8HIGH
What is CVE-2021-3579?
Incorrect Default Permissions vulnerability in the bdservicehost.exe and Vulnerability.Scan.exe components as used in Bitdefender Endpoint Security Tools for Windows, Total Security allows a local attacker to elevate privileges to NT AUTHORITY\SYSTEM This issue affects: Bitdefender Endpoint Security Tools for Windows versions prior to 7.2.1.65. Bitdefender Total Security versions prior to 7.2.1.65.
Affected Version(s)
ENdpoint Security Tools for Windows < 7.2.1.65
Total Security < 7.2.1.65
References
CVSS V3.1
Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Michael DePlante of Trend Micro Zero Day Initiative