CVE-2021-3423 HIGH

CVE-2021-3423: Privilege escalation in Bitdefender GravityZone Business Security

Vendor Bitdefender
Product GravityZone Business Security
Weakness CWE-427
Published May 18, 2021
Last update September 17, 2024

CVSS base score

7.8/10
Attack vector Local
Attack complexity High
Privileges required Low
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

What the vulnerability does

01Description

Uncontrolled Search Path Element vulnerability in the openssl component as used in Bitdefender GravityZone Business Security allows an attacker to load a third party DLL to elevate privileges. This issue affects Bitdefender GravityZone Business Security versions prior to 6.6.23.329.

Key dates

02Disclosure timeline

May 18, 2021 CVE published
September 17, 2024 Record updated