Vulnerability Description
Execution with Unnecessary Privileges vulnerability in Bitdefender Endpoint Security Tools, Total Security allows a local attacker to elevate to 'NT AUTHORITY\System'. Impersonation enables the server thread to perform actions on behalf of the client but within the limits of the client's security context. This issue affects: Bitdefender Endpoint Security Tools versions prior to 7.2.1.65. Bitdefender Total Security versions prior to 25.0.26.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bitdefender | Endpoint Security Tools | < 7.2.1.65 |
| Bitdefender | Total Security | < 25.0.26 |
Related Weaknesses (CWE)
References
- https://www.bitdefender.com/support/security-advisories/privilege-escalation-via (Vendor Advisory)
- https://www.zerodayinitiative.com/advisories/ZDI-21-1276/ (Third Party Advisory, VDB Entry)
- https://www.zerodayinitiative.com/advisories/ZDI-21-1376/ (Third Party Advisory, VDB Entry)
FAQ
What is CVE-2021-3576?
CVE-2021-3576 is a vulnerability with a CVSS score of 7.8 (HIGH). Execution with Unnecessary Privileges vulnerability in Bitdefender Endpoint Security Tools, Total Security allows a local attacker to elevate to 'NT AUTHORITY\System'. Impersonation enables the server ...
How severe is CVE-2021-3576?
CVE-2021-3576 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-3576?
Check the references section above for vendor advisories and patch information. Affected products include: Bitdefender Endpoint Security Tools, Bitdefender Total Security.