An Improper Input Validation vulnerability in the Product Update feature of Bitdefender Endpoint Security Tools for Linux allows a man-in-the-middle attacker to abuse the DownloadFile function of the Product Update to achieve remote code execution. This issue affects: Bitdefender Endpoint Security Tools for Linux versions prior to 6.2.21.155.
References
Link | Resource |
---|---|
https://herolab.usd.de/security-advisories/usd-2021-0014/ | Exploit Third Party Advisory |
https://www.bitdefender.com/support/security-advisories/improper-input-validation-in-bitdefender-endpoint-security-tools-for-linux-va-9769 | Vendor Advisory |
Configurations
History
16 Sep 2024, 17:15
Type | Values Removed | Values Added |
---|---|---|
Summary | (en) An Improper Input Validation vulnerability in the Product Update feature of Bitdefender Endpoint Security Tools for Linux allows a man-in-the-middle attacker to abuse the DownloadFile function of the Product Update to achieve remote code execution. This issue affects: Bitdefender Endpoint Security Tools for Linux versions prior to 6.2.21.155. |
07 Nov 2023, 03:38
Type | Values Removed | Values Added |
---|---|---|
Summary | An Improper Input Validation vulnerability in the Product Update feature of Bitdefender Endpoint Security Tools for Linux allows a man-in-the-middle attacker to abuse the DownloadFile function of the Product Update to achieve remote code execution. This issue affects: Bitdefender Endpoint Security Tools for Linux versions prior to 6.2.21.155. |
Information
Published : 2021-05-24 14:15
Updated : 2024-09-16 17:15
NVD link : CVE-2021-3485
Mitre link : CVE-2021-3485
CVE.ORG link : CVE-2021-3485
JSON object : View
Products Affected
bitdefender
- endpoint_security_tools
CWE
CWE-494
Download of Code Without Integrity Check