Back

Improper Link Resolution Before File Access in Bitdefender Endpoint Security Tools for Windows (VA-9921)

Publication date: November 9th, 2021

CVE ID:

CVE-2021-3641

CVSS scrore:

6.1 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H

Affected vendors:

Bitdefender

Affected products:

Endpoint Security Tools for Windows

Vulnerability details:

Improper Link Resolution Before File Access (‘Link Following’) vulnerability in the EPAG component of Bitdefender Endpoint Security Tools for Windows allows a local attacker to cause a denial of service.

This issue affects Bitdefender Endpoint Security Tools version 7.1.2.33 and prior versions.

Additional details:

An automatic update to a newer version of Bitdefender Bitdefender Endpoint Security Tools for Windows fixes the issue

Credit:

@Kharosx0 working with Trend Micro Zero Day Initiative