CVE-2021-3554 CRITICAL

CVE-2021-3554: Improper Access Control vulnerability in the patchesUpdate API

Vendor Bitdefender

Product Endpoint Security Tools for Linux

Weakness CWE-284

Published November 24, 2021

Last update September 16, 2024

View on NVD All CVEs

CVSS base score

9.0/10

Attack vector Network

Attack complexity High

Privileges required None

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

What the vulnerability does

01Description

Improper Access Control vulnerability in the patchesUpdate API as implemented in Bitdefender Endpoint Security Tools for Linux as a relay role allows an attacker to manipulate the remote address used for pulling patches. This issue affects: Bitdefender Endpoint Security Tools for Linux versions prior to 6.6.27.390; versions prior to 7.1.2.33. Bitdefender Unified Endpoint versions prior to 6.2.21.160. Bitdefender GravityZone versions prior to 6.24.1-1.

Key dates

02Disclosure timeline

November 24, 2021 CVE published

September 16, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-3554

Related vulnerabilities

Identifiers

CVE CVE-2021-3554

CWE CWE-284

CVSS 9.0 / CRITICAL

Affected versions

Vendor Bitdefender

Product Endpoint Security Tools for Linux

Affected ≥ unspecified and < 6.6.27.390

Vendor Bitdefender

Product Endpoint Security Tools for Linux

Affected ≥ unspecified and < 7.1.2.33

Vendor Bitdefender

Product Unified Endpoint

Affected ≥ unspecified and < 6.2.21.160

Vendor Bitdefender

Product GravityZone

Affected ≥ unspecified and < 6.24.1-1

CVE-2021-3554: Improper Access Control vulnerability in the patchesUpdate API

01Description

02Disclosure timeline

03References

04Related CVE