Lucene search

[email protected]CVE-2021-3553

HistoryNov 24, 2021 - 4:15 p.m.

CVE-2021-3553

2021-11-2416:15:13

CWE-918

[email protected]

web.nvd.nist.gov

cve-2021-3553

bitdefender

endpoint security

ssrf

eppupdateservice

vulnerability

nvd

security

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.4 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

60.6%

JSON

A Server-Side Request Forgery (SSRF) vulnerability in the EPPUpdateService of Bitdefender Endpoint Security Tools allows an attacker to use the Endpoint Protection relay as a proxy for any remote host. This issue affects: Bitdefender Endpoint Security Tools versions prior to 6.6.27.390; versions prior to 7.1.2.33. Bitdefender Unified Endpoint for Linux versions prior to 6.2.21.160. Bitdefender GravityZone versions prior to 6.24.1-1.

Affected configurations

NVD

Node

bitdefenderendpoint_security_toolsRange<6.2.21.160linux

bitdefenderendpoint_security_toolsRange6.6.27.0–6.6.27.390

bitdefenderendpoint_security_toolsRange7.0.0.00–7.1.2.33

bitdefendergravityzoneMatch6.24.1-1

CPENameOperatorVersion
bitdefender:endpoint_security_toolsbitdefender endpoint security toolslt6.2.21.160
bitdefender:endpoint_security_toolsbitdefender endpoint security toolslt6.6.27.390
bitdefender:endpoint_security_toolsbitdefender endpoint security toolslt7.1.2.33
bitdefender:gravityzonebitdefender gravityzoneeq6.24.1-1

CPE	Name	Operator	Version
bitdefender:endpoint_security_tools	bitdefender endpoint security tools	lt	6.2.21.160
bitdefender:endpoint_security_tools	bitdefender endpoint security tools	lt	6.6.27.390
bitdefender:endpoint_security_tools	bitdefender endpoint security tools	lt	7.1.2.33
bitdefender:gravityzone	bitdefender gravityzone	eq	6.24.1-1

CNA Affected

[
  {
    "product": "Endpoint Security Tools",
    "vendor": "Bitdefender",
    "versions": [
      {
        "lessThan": "6.6.27.390",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThan": "7.1.2.33",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "Unified Endpoint for Linux",
    "vendor": "Bitdefender",
    "versions": [
      {
        "lessThan": "6.2.21.160",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "GravityZone",
    "vendor": "Bitdefender",
    "versions": [
      {
        "lessThan": "6.24.1-1",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

www.bitdefender.com/support/security-advisories/server-side-request-forgery-eppupdateservice-remote-config-file-va-9825/

www.bitdefender.com/support/security-advisories/server-side-request-forgery-in-eppupdateservice-remote-config-file-va-9825/

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.4 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

60.6%

JSON

Related for CVE-2021-3553

nvd1 prion1 cvelist1