Incorrect Default Permissions vulnerability in bdservicehost.exe and Vulnerability.Scan.exe (VA-9848)
Publication date: October 28th, 2021
CVSS score:
7.8 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected vendors:
Bitdefender
Affected products:
Bitdefender Endpoint Security Tools version 7.2.1.65, Bitdefender Total Security
Vulnerability details:
An Incorrect Default Permissions vulnerability in the bdservicehost.exe and Vulnerability.Scan.exe components, as used in Bitdefender Endpoint Security Tools for Windows and Bitdefender Total Security, allows a local attacker to elevate privileges to NT AUTHORITY\SYSTEM.
This issue affects:
- Bitdefender Endpoint Security Tools for Windows versions prior to 7.2.1.65.
- Bitdefender Total Security versions prior to 7.2.1.65.
Additional details:
An automatic update to Bitdefender Endpoint Security Tools version 7.2.1.65 and Bitdefender Total Security version 25.0.26 fixes the issue.
Credit:
Michael DePlante of Trend Micro Zero Day Initiative