CVE-2021-4199
Summary
| CVE | CVE-2021-4199 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2022-03-07 12:15:00 UTC |
| Updated | 2022-03-11 18:52:00 UTC |
| Description | Incorrect Permission Assignment for Critical Resource vulnerability in the crash handling component BDReinit.exe as used in Bitdefender Total Security, Internet Security, Antivirus Plus, Endpoint Security Tools for Windows allows a remote attacker to escalate local privileges to SYSTEM. This issue affects: Bitdefender Total Security versions prior to 26.0.10.45. Bitdefender Internet Security versions prior to 26.0.10.45. Bitdefender Antivirus Plus versions prior to 26.0.10.45. Bitdefender Endpoint Security Tools for Windows versions prior to 7.4.3.146. |
Risk And Classification
Problem Types: CWE-732
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Bitdefender | Antivirus Plus | All | All | All | All |
| Application | Bitdefender | Endpoint Security Tools | All | All | All | All |
| Application | Bitdefender | Internet Security | All | All | All | All |
| Application | Bitdefender | Total Security | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| ZDI-22-484 | Zero Day Initiative | MISC | www.zerodayinitiative.com | |
| Incorrect Permission Assignment for Critical Resource vulnerability in BDReinit.exe (VA-10017) - Bitdefender | CONFIRM | www.bitdefender.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
Discovery Credit
LEGACY: Michael DePlante (@izobashi) of Trend Micro Zero Day Initiative
There are currently no legacy QID mappings associated with this CVE.