What is CVE-2021-3576?

CVE-2021-3576 is a vulnerability that allows local attackers to escalate privileges on affected installations of Bitdefender Total Security.

How does CVE-2021-3576 work?

CVE-2021-3576 allows an attacker to execute low-privileged code on the target system and exploit a flaw within the endpoint security tools of Bitdefender Total Security.

What is the severity of CVE-2021-3576?

CVE-2021-3576 has a severity rating of 7.8 (high).

Which software versions are affected by CVE-2021-3576?

CVE-2021-3576 affects Bitdefender Endpoint Security Tools version up to 7.2.1.65 and Bitdefender Total Security version up to 25.0.26.

How can I mitigate the risk of CVE-2021-3576?

To mitigate the risk of CVE-2021-3576, ensure that you have installed the latest updates and patches from Bitdefender.

Vulnerability/
CVE-2021-3576

high

7.8

CWE

269 250

28/10/2021

3/8/2024

17/9/2024

CVE-2021-3576: Bitdefender GravityZone Unnecessary Privileges Local Privilege Escalation Vulnerability

First published: Thu Oct 28 2021(Updated: )

Execution with Unnecessary Privileges vulnerability in Bitdefender Endpoint Security Tools, Total Security allows a local attacker to elevate to 'NT AUTHORITY\System. Impersonation enables the server thread to perform actions on behalf of the client but within the limits of the client's security context. This issue affects: Bitdefender Endpoint Security Tools versions prior to 7.2.1.65. Bitdefender Total Security versions prior to 25.0.26.

Credit: cve-requests@bitdefender.com

Affected Software	Affected Version	How to fix
Bitdefender Endpoint Security Tools	<7.2.1.65
Bitdefender Total Security	<25.0.26
Bitdefender GravityZone
Bitdefender Total Security

Remedy

An automatic update to Bitdefender Endpoint Security Tools version 7.2.1.65, Bitdefender Total Security version 25.0.26 fixes the issue.

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2021-3576?
CVE-2021-3576 is a vulnerability that allows local attackers to escalate privileges on affected installations of Bitdefender Total Security.
How does CVE-2021-3576 work?
CVE-2021-3576 allows an attacker to execute low-privileged code on the target system and exploit a flaw within the endpoint security tools of Bitdefender Total Security.
What is the severity of CVE-2021-3576?
CVE-2021-3576 has a severity rating of 7.8 (high).
Which software versions are affected by CVE-2021-3576?
CVE-2021-3576 affects Bitdefender Endpoint Security Tools version up to 7.2.1.65 and Bitdefender Total Security version up to 25.0.26.
How can I mitigate the risk of CVE-2021-3576?
To mitigate the risk of CVE-2021-3576, ensure that you have installed the latest updates and patches from Bitdefender.

collector/nvd-index
agent/type
agent/weakness
agent/author
agent/references
agent/remedy
agent/severity
agent/description
collector/zdi-advisory
source/ZDI
alias/ZDI-21-1376
alias/ZDI-CAN-14377
alias/CVE-2021-3576
agent/software-canonical-lookup
alias/ZDI-21-1276
alias/ZDI-CAN-13967
alias/CVE-2021-3579
agent/title
agent/softwarecombine
agent/tags
alias/ZDI-21-1277
alias/ZDI-CAN-13968
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/first-publish-date
agent/event
agent/trending
vendor/bitdefender
canonical/bitdefender endpoint security tools
canonical/bitdefender total security
canonical/bitdefender gravityzone

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.