CVE-2021-3960: Privilege Escalation via the GravityZone productManager UpdateServer.KitsManager API (VA-10146)
First published: Wed Dec 01 2021(Updated: )
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in the UpdateServer component of Bitdefender GravityZone allows an attacker to execute arbitrary code on vulnerable instances. This issue affects Bitdefender GravityZone versions prior to 3.3.8.272
Credit: cve-requests@bitdefender.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Bitdefender GravityZone | <3.3.8.272 |
Remedy
An automatic update to Bitdefender GravityZone version 3.3.8.272 fixes the issue.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2021-3960.
What is the severity of CVE-2021-3960?
The severity of CVE-2021-3960 is high with a severity value of 7.8.
What is the affected software for CVE-2021-3960?
The affected software for CVE-2021-3960 is Bitdefender GravityZone versions prior to 3.3.8.272.
How does CVE-2021-3960 impact the system?
CVE-2021-3960 allows an attacker to execute arbitrary code on vulnerable instances.
How can I fix CVE-2021-3960?
To fix CVE-2021-3960, it is recommended to update Bitdefender GravityZone to version 3.3.8.272 or above.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/title
- agent/remedy
- agent/last-modified-date
- agent/weakness
- agent/author
- agent/severity
- agent/references
- agent/description
- agent/first-publish-date
- agent/event
- agent/tags
- agent/source
- vendor/bitdefender
- canonical/bitdefender gravityzone