Improper handling of registry symbolic links in Bitdefender Engines
CVE-2022-3369

8.6HIGH

Key Information:

Vendor: Bitdefender
Status: Engines
Vendor: CVE Published:; 1 November 2022

🔔 Create Bitdefender Vulnerability Alert

What is CVE-2022-3369?

An Improper Access Control vulnerability in the bdservicehost.exe component, as used in Bitdefender Engines for Windows, allows an attacker to delete privileged registry keys by pointing a Registry symlink to a privileged key. This issue affects: Bitdefender Engines versions prior to 7.92659. It also affects Bitdefender Antivirus Free, Bitdefender Antivirus Plus, Bitdefender Internet Security, Bitdefender Total Security, as well as Bitdefender Endpoint Security Tools for Windows with engine versions prior to 7.92659.

Affected Version(s)

Engines < 7.92659

References

https://www.bitdefender.com/support/security-advisories/i...

CVSS V3.1

Score:

8.6

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 1, 2022
Vulnerability Reserved
Sep 30, 2022