CVE-2021-3579 Incorrect Default Permissions vulnerability in bdservicehost.exe and Vulnerability.Scan.exe

🗓️ 28 Oct 2021 13:50:14Reported by BitdefenderType

Incorrect Default Permissions vulnerability in Bitdefender Endpoint Securit

Reporter	Title	Published	Views	Family All 12
ATTACKERKB	CVE-2021-3579	12 Oct 202109:00	–	attackerkb
BDU FSTEC	The vulnerabilities of bdservicehost.exe and Vulnerability.Scan.exe of the Bitdefender Endpoint Security Tools for Windows (BEST) and the antivirus software Bitdefender Total Security allow attackers to enhance their privileges.	7 Dec 202100:00	–	bdu_fstec
Circl	CVE-2021-3579	28 Oct 202118:17	–	circl
CNNVD	Bitdefender Endpoint Security Tool 安全漏洞	28 Oct 202100:00	–	cnnvd
CVE	CVE-2021-3579	28 Oct 202113:50	–	cve
EUVD	EUVD-2021-26888	7 Oct 202500:30	–	euvd
NVD	CVE-2021-3579	28 Oct 202114:15	–	nvd
Prion	Design/Logic Flaw	28 Oct 202114:15	–	prion
Zero Day Initiative	(0Day) Bitdefender Total Security Unnecessary Privileges Local Privilege Escalation Vulnerability	28 Oct 202100:00	–	zdi
Zero Day Initiative	(0Day) Bitdefender Total Security Unnecessary Privileges Local Privilege Escalation Vulnerability	28 Oct 202100:00	–	zdi

[
  {
    "product": "ENdpoint Security Tools for Windows",
    "vendor": "Bitdefender",
    "versions": [
      {
        "lessThan": "7.2.1.65",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "Total Security",
    "vendor": "Bitdefender",
    "versions": [
      {
        "lessThan": "7.2.1.65",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
zerodayinitiative	www.zerodayinitiative.com/advisories/ZDI-21-1277/
bitdefender	www.bitdefender.com/support/security-advisories/incorrect-default-permissions-vulnerability-in-bdservicehost-exe-and-vulnerability-scan-exe-va-9848/

03 Nov 2021 09:06Current

7.7High risk

Vulners AI Score7.7

CVSS 3.17.8

EPSS0.00083

CWE-276