CVE-2021-4199: Bitdefender Total Security Link Following Local Privilege Escalation Vulnerability
First published: Sat Feb 05 2022(Updated: )
Incorrect Permission Assignment for Critical Resource vulnerability in the crash handling component BDReinit.exe as used in Bitdefender Total Security, Internet Security, Antivirus Plus, Endpoint Security Tools for Windows allows a remote attacker to escalate local privileges to SYSTEM. This issue affects: Bitdefender Total Security versions prior to 26.0.10.45. Bitdefender Internet Security versions prior to 26.0.10.45. Bitdefender Antivirus Plus versions prior to 26.0.10.45. Bitdefender Endpoint Security Tools for Windows versions prior to 7.4.3.146.
Credit: cve-requests@bitdefender.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Bitdefender Antivirus Plus | <26.0.3.29 | |
| Bitdefender Endpoint Security Tools | <7.4.3.146 | |
| BitDefender Internet Security | <26.0.3.29 | |
| Bitdefender Total Security | <26.0.3.29 | |
| Bitdefender Total Security |
Remedy
An automatic update to the following product versions fixes the issue: - Bitdefender Total Security version 26.0.10.45. - Bitdefender Internet Security version 26.0.10.45. - Bitdefender Antivirus Plus version 26.0.10.45. - Bitdefender Endpoint Security Tools for Windows version 7.4.3.146.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.bitdefender.com/support/security-advisories/incorrect-permission-assignment-for-critical-resource-vulnerability-in-bdreinit-exe-va-10017/
- https://www.zerodayinitiative.com/advisories/ZDI-22-484/
- https://www.bitdefender.com/support/security-advisories/messaging_ipc-dll-null-pointer-dereference-in-multiple-bitdefender-products-va-10017/
Frequently Asked Questions
What is CVE-2021-4199?
CVE-2021-4199 is a vulnerability in Bitdefender Total Security, Internet Security, Antivirus Plus, Endpoint Security Tools for Windows that allows a remote attacker to escalate local privileges to SYSTEM.
What is the severity of CVE-2021-4199?
The severity of CVE-2021-4199 is high with a CVSS score of 7.8.
Which software versions are affected by CVE-2021-4199?
Bitdefender Antivirus Plus up to version 26.0.3.29, Bitdefender Endpoint Security Tools up to version 7.4.3.146, BitDefender Internet Security up to version 26.0.3.29, and Bitdefender Total Security up to version 26.0.3.29 are affected by CVE-2021-4199.
How can I fix CVE-2021-4199?
To fix CVE-2021-4199, it is recommended to update Bitdefender Total Security, Internet Security, Antivirus Plus, and Endpoint Security Tools for Windows to the latest versions.
Where can I find more information about CVE-2021-4199?
More information about CVE-2021-4199 can be found on the Bitdefender support website and the Zero Day Initiative advisory.
- collector/nvd-index
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/weakness
- agent/references
- agent/author
- agent/severity
- agent/remedy
- agent/title
- agent/softwarecombine
- collector/zdi-advisory
- source/ZDI
- alias/ZDI-22-484
- alias/ZDI-CAN-15206
- alias/CVE-2021-4199
- agent/software-canonical-lookup
- agent/description
- agent/event
- agent/tags
- agent/first-publish-date
- vendor/bitdefender
- canonical/bitdefender antivirus plus
- canonical/bitdefender endpoint security tools
- canonical/bitdefender internet security
- canonical/bitdefender total security