CVE-2021-3576
Summary
| CVE | CVE-2021-3576 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2021-10-28 14:15:00 UTC |
| Updated | 2022-04-25 18:05:00 UTC |
| Description | Execution with Unnecessary Privileges vulnerability in Bitdefender Endpoint Security Tools, Total Security allows a local attacker to elevate to 'NT AUTHORITY\System. Impersonation enables the server thread to perform actions on behalf of the client but within the limits of the client's security context. This issue affects: Bitdefender Endpoint Security Tools versions prior to 7.2.1.65. Bitdefender Total Security versions prior to 25.0.26. |
Risk And Classification
Problem Types: CWE-269
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Bitdefender | Endpoint Security Tools | All | All | All | All |
| Application | Bitdefender | Total Security | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| ZDI-21-1276 | Zero Day Initiative | MISC | www.zerodayinitiative.com | |
| Privilege escalation via SeImpersonatePrivilege in Bitdefender Endpoint Security Tools (VA-9848) - Bitdefender | MISC | www.bitdefender.com | |
| ZDI-21-1376 | Zero Day Initiative | MISC | www.zerodayinitiative.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
Discovery Credit
LEGACY: Zero-Day Initiative (ZDI)
There are currently no legacy QID mappings associated with this CVE.