CVE-2021-3576 Vulnerability Details

  /     /     /  

CVE-2021-3576 Metadata Quick Info

CVE Published: 28/10/2021 | CVE Updated: 17/09/2024 | CVE Year: 2021
Source: Bitdefender | Vendor: Bitdefender | Product: Endpoint Security Tools
Status : PUBLISHED

---

CVE-2021-3576 Description

Execution with Unnecessary Privileges vulnerability in Bitdefender Endpoint Security Tools, Total Security allows a local attacker to elevate to \'NT AUTHORITY\System. Impersonation enables the server thread to perform actions on behalf of the client but within the limits of the client\'s security context. This issue affects: Bitdefender Endpoint Security Tools versions prior to 7.2.1.65. Bitdefender Total Security versions prior to 25.0.26.

Metrics

CVSS Version: 3.1 | Base Score: 7.8 HIGH
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

l➤ Exploitability Metrics:
    Attack Vector (AV)* LOCAL
    Attack Complexity (AC)* LOW
    Privileges Required (PR)* LOW
    User Interaction (UI)* NONE
    Scope (S)* UNCHANGED

l➤ Impact Metrics:
    Confidentiality Impact (C)* HIGH
    Integrity Impact (I)* HIGH
    Availability Impact (A)* HIGH

Weakness Enumeration (CWE)

CWE-ID: CWE-250
CWE Name: CWE-250 Execution with Unnecessary Privileges
Source: Bitdefender

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).