Code injection

2021-10-2814:15:00

PRIOn knowledge base

www.prio-n.com

7.4 High

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.2%

JSON

Execution with Unnecessary Privileges vulnerability in Bitdefender Endpoint Security Tools, Total Security allows a local attacker to elevate to 'NT AUTHORITY\System. Impersonation enables the server thread to perform actions on behalf of the client but within the limits of the client’s security context. This issue affects: Bitdefender Endpoint Security Tools versions prior to 7.2.1.65. Bitdefender Total Security versions prior to 25.0.26.

CPENameOperatorVersion
endpoint_security_toolslt7.2.1.65
total_securitylt25.0.26

CPE	Name	Operator	Version
	endpoint_security_tools	lt	7.2.1.65
	total_security	lt	25.0.26

References

www.bitdefender.com/support/security-advisories/privilege-escalation-via-seimpersonateprivilege-in-bitdefender-endpoint-security-tools-va-9848/

www.zerodayinitiative.com/advisories/ZDI-21-1276/

www.zerodayinitiative.com/advisories/ZDI-21-1376/