← Back to CVEs

CVE-2021-4199

HIGH

7.8

Description

Incorrect Permission Assignment for Critical Resource vulnerability in the crash handling component BDReinit.exe as used in Bitdefender Total Security, Internet Security, Antivirus Plus, Endpoint Security Tools for Windows allows a remote attacker to escalate local privileges to SYSTEM. This issue affects: Bitdefender Total Security versions prior to 26.0.10.45. Bitdefender Internet Security versions prior to 26.0.10.45. Bitdefender Antivirus Plus versions prior to 26.0.10.45. Bitdefender Endpoint Security Tools for Windows versions prior to 7.4.3.146.

CVE Details

CVSS v3.1 Score7.8

SeverityHIGH

CVSS VectorCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack VectorLOCAL

ComplexityLOW

Privileges RequiredLOW

User InteractionNONE

Published3/7/2022

Last Modified11/21/2024

Sourcenvd

Honeypot Sightings0

Affected Products

bitdefender:antivirus_plusbitdefender:endpoint_security_toolsbitdefender:internet_securitybitdefender:total_security

Weaknesses (CWE)

CWE-732CWE-732

References

https://www.bitdefender.com/support/security-advisories/incorrect-permission-assignment-for-critical-resource-vulnerability-in-bdreinit-exe-va-10017/(cve-requests@bitdefender.com)

https://www.zerodayinitiative.com/advisories/ZDI-22-484/(cve-requests@bitdefender.com)

https://www.bitdefender.com/support/security-advisories/incorrect-permission-assignment-for-critical-resource-vulnerability-in-bdreinit-exe-va-10017/(af854a3a-2127-422b-91ae-364da2661108)

https://www.zerodayinitiative.com/advisories/ZDI-22-484/(af854a3a-2127-422b-91ae-364da2661108)

IOC Correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.