First published: Mon May 24 2021
An Improper Input Validation vulnerability in the Product Update feature of Bitdefender Endpoint Security Tools for Linux allows a man-in-the-middle attacker to abuse the DownloadFile function of the Product Update to achieve remote code execution. This issue affects: Bitdefender Endpoint Security Tools for Linux versions prior to 6.2.21.155.
Credit: cve-requests@bitdefender.com
Affected Software | Affected Version | How to fix |
---|---|---|
Bitdefender Endpoint Security Tools | <6.2.21.155 | An automatic update to version 6.2.21.155 fixes the issue. |
CVE-2021-3485 is an Improper Input Validation vulnerability in the Product Update feature of Bitdefender Endpoint Security Tools for Linux.
CVE-2021-3485 allows a man-in-the-middle attacker to abuse the DownloadFile function of the Product Update to achieve remote code execution.
The severity of CVE-2021-3485 is medium with a CVSS score of 6.6.
Apply the necessary updates provided by Bitdefender to address the vulnerability.
More information about CVE-2021-3485 is available in the following references: [usd HeroLab security advisory usd-2021-0014](https://herolab.usd.de/security-advisories/usd-2021-0014/) and [Bitdefender security advisory VA-9769](https://www.bitdefender.com/support/security-advisories/improper-input-validation-in-bitdefender-endpoint-security-tools-for-linux-va-9769)