Lucene search
Michael DePlante (@izobashi) of Trend Micro's Zero Day InitiativeZDI-21-1376HistoryDec 03, 2021 - 12:00 a.m.
Bitdefender GravityZone Unnecessary Privileges Local Privilege Escalation Vulnerability
2021-12-0300:00:00
Michael DePlante (@izobashi) of Trend Micro's Zero Day Initiative
www.zerodayinitiative.com
7
bitdefender gravityzone
privilege escalation
local attackers
low-privileged code
endpoint client
untrusted process
arbitrary code
EPSS
0.001
Percentile
17.1%
This vulnerability allows local attackers to escalate privileges on affected installations of Bitdefender GravityZone. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the endpoint client. The issue results from allowing an untrusted process to impersonate the client of a pipe. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM.
Related
zdi
zdi
cvelist
cvelist
CVE-2021-3576 Privilege escalation via SeImpersonatePrivilege
2021-10-28 13:50:23
cve
cve
CVE-2021-3576
2021-10-28 14:15:08
nvd
nvd
CVE-2021-3576
2021-10-28 14:15:08
prion
prion
Code injection
2021-10-28 14:15:00