{"api_version":"1","generated_at":"2026-04-23T07:56:58+00:00","cve":"CVE-2022-0357","urls":{"html":"https://cve.report/CVE-2022-0357","api":"https://cve.report/api/cve/CVE-2022-0357.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2022-0357","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2022-0357"},"summary":{"title":"CVE-2022-0357","description":"Unquoted Search Path or Element vulnerability in the Vulnerability Scan component of Bitdefender Total Security, Bitdefender Internet Security, and Bitdefender Antivirus Plus allows an attacker to elevate privileges to SYSTEM.\n\nThis issue affects:\n\nBitdefender Total Security\nversions prior to 26.0.10.45.\nBitdefender Internet Security\nversions prior to 26.0.10.45.\nBitdefender Antivirus Plus\nversions prior to 26.0.10.45.","state":"PUBLIC","assigner":"cve-requests@bitdefender.com","published_at":"2023-05-24 08:15:00","updated_at":"2023-05-31 19:29:00"},"problem_types":["CWE-428"],"metrics":[],"references":[{"url":"https://www.bitdefender.com/support/security-advisories/improper-quoting-path-issue-in-bitdefender-total-security","name":"https://www.bitdefender.com/support/security-advisories/improper-quoting-path-issue-in-bitdefender-total-security","refsource":"MISC","tags":[],"title":"Improper Quoting Path Issue in Bitdefender Total Security - Bitdefender","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2022-0357","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0357","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2022","cve_id":"357","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"bitdefender","cpe5":"antivirus_plus","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"357","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"bitdefender","cpe5":"internet_security","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"357","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"bitdefender","cpe5":"total_security","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"data_version":"4.0","data_type":"CVE","data_format":"MITRE","CVE_data_meta":{"ID":"CVE-2022-0357","ASSIGNER":"cve-requests@bitdefender.com","STATE":"PUBLIC"},"description":{"description_data":[{"lang":"eng","value":"Unquoted Search Path or Element vulnerability in the Vulnerability Scan component of Bitdefender Total Security, Bitdefender Internet Security, and Bitdefender Antivirus Plus allows an attacker to elevate privileges to SYSTEM.\n\nThis issue affects:\n\nBitdefender Total Security\nversions prior to 26.0.10.45.\nBitdefender Internet Security\nversions prior to 26.0.10.45.\nBitdefender Antivirus Plus\nversions prior to 26.0.10.45."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-428 Unquoted Search Path or Element","cweId":"CWE-428"}]}]},"affects":{"vendor":{"vendor_data":[{"vendor_name":"Bitdefender","product":{"product_data":[{"product_name":"Total Security","version":{"version_data":[{"version_affected":"=","version_value":"26.0.10.45"}]}},{"product_name":"Internet Security","version":{"version_data":[{"version_affected":"=","version_value":"26.0.10.45"}]}},{"product_name":"Antivirus Plus","version":{"version_data":[{"version_affected":"=","version_value":"26.0.10.45"}]}}]}}]}},"references":{"reference_data":[{"url":"https://www.bitdefender.com/support/security-advisories/improper-quoting-path-issue-in-bitdefender-total-security","refsource":"MISC","name":"https://www.bitdefender.com/support/security-advisories/improper-quoting-path-issue-in-bitdefender-total-security"}]},"generator":{"engine":"Vulnogram 0.1.0-dev"},"source":{"defect":["VA-10294"],"discovery":"EXTERNAL"},"solution":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"An automatic update to version 26.0.10.45 or higher fixes the issue.<br>"}],"value":"An automatic update to version 26.0.10.45 or higher fixes the issue.\n"}],"impact":{"cvss":[{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"HIGH","baseScore":6.7,"baseSeverity":"MEDIUM","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"HIGH","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","version":"3.1"}]}},"nvd":{"publishedDate":"2023-05-24 08:15:00","lastModifiedDate":"2023-05-31 19:29:00","problem_types":["CWE-428"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":7.8,"baseSeverity":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:bitdefender:total_security:*:*:*:*:*:*:*:*","versionEndExcluding":"26.0.10.45","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:bitdefender:internet_security:*:*:*:*:*:*:*:*","versionEndExcluding":"26.0.10.45","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:bitdefender:antivirus_plus:*:*:*:*:*:*:*:*","versionEndExcluding":"26.0.10.45","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2022","CveId":"357","Ordinal":"227009","Title":"CVE-2022-0357","CVE":"CVE-2022-0357","Year":"2022"},"notes":[{"CveYear":"2022","CveId":"357","Ordinal":"1","NoteData":"** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.","Type":"Description","Title":null}]}}}