7.8

CVE-2021-3579

Incorrect Default Permissions vulnerability in bdservicehost.exe and Vulnerability.Scan.exe

Incorrect Default Permissions vulnerability in the bdservicehost.exe and Vulnerability.Scan.exe components as used in Bitdefender Endpoint Security Tools for Windows, Total Security allows a local attacker to elevate privileges to NT AUTHORITY\SYSTEM This issue affects: Bitdefender Endpoint Security Tools for Windows versions prior to 7.2.1.65. Bitdefender Total Security versions prior to 7.2.1.65.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
BitdefenderEndpoint Security Tools SwPlatformwindows Version < 7.2.1.65
BitdefenderTotal Security Version < 7.2.1.65
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.08% 0.244
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 4.6 3.9 6.4
AV:L/AC:L/Au:N/C:P/I:P/A:P
cve-requests@bitdefender.com 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-276 Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.