Incorrect Permission Assignment for Critical Resource vulnerability in BDReinit.exe (VA-10017)
CVE-2021-4199

7.8HIGH

Key Information:

Vendor: Bitdefender
Status: Total Security; Internet Security; Antivirus Plus; Endpoint Security Tools For Windows
Vendor: CVE Published:; 7 March 2022

🔔 Create Bitdefender Vulnerability Alert

What is CVE-2021-4199?

Incorrect Permission Assignment for Critical Resource vulnerability in the crash handling component BDReinit.exe as used in Bitdefender Total Security, Internet Security, Antivirus Plus, Endpoint Security Tools for Windows allows a remote attacker to escalate local privileges to SYSTEM. This issue affects: Bitdefender Total Security versions prior to 26.0.10.45. Bitdefender Internet Security versions prior to 26.0.10.45. Bitdefender Antivirus Plus versions prior to 26.0.10.45. Bitdefender Endpoint Security Tools for Windows versions prior to 7.4.3.146.

Affected Version(s)

Antivirus Plus < 26.0.10.45

Endpoint Security Tools for Windows < 7.4.3.140

Internet Security < 26.0.10.45

References

https://www.bitdefender.com/support/security-advisories/i...

x_refsource_MISC

https://www.zerodayinitiative.com/advisories/ZDI-22-484/

x_refsource_MISC

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 7, 2022
Vulnerability Reserved
Jan 4, 2022

Credit

Michael DePlante (@izobashi) of Trend Micro Zero Day Initiative