Lucene search

[email protected]NVD:CVE-2022-3369

HistoryNov 01, 2022 - 8:15 a.m.

CVE-2022-3369

2022-11-0108:15:10

CWE-269

[email protected]

web.nvd.nist.gov

improper access control

bdservicehost.exe

registry symlink

bitdefender engines

windows

privileged registry keys

bitdefender antivirus

bitdefender internet security

bitdefender total security

bitdefender endpoint security tools.

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

EPSS

0.001

Percentile

20.2%

JSON

An Improper Access Control vulnerability in the bdservicehost.exe component, as used in Bitdefender Engines for Windows, allows an attacker to delete privileged registry keys by pointing a Registry symlink to a privileged key. This issue affects: Bitdefender Engines versions prior to 7.92659. It also affects Bitdefender Antivirus Free, Bitdefender Antivirus Plus, Bitdefender Internet Security, Bitdefender Total Security, as well as Bitdefender Endpoint Security Tools for Windows with engine versions prior to 7.92659.

Affected configurations

Nvd

Node

bitdefenderenginesRange<7.92659

VendorProductVersionCPE
bitdefenderengines*cpe:2.3:a:bitdefender:engines:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
bitdefender	engines	*	cpe:2.3:a:bitdefender:engines::::::::

References

www.bitdefender.com/support/security-advisories/improper-handling-of-registry-symbolic-links-in-bitdefender-engines-va-10562

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

EPSS

0.001

Percentile

20.2%

JSON

Related for NVD:CVE-2022-3369

prion1 cve1 cvelist1