Back

Improper Link Resolution Before File Access in Bitdefender Endpoint Security Tools for Windows (VA-9921)

Publication date: November 9th, 2021


CVE ID:
CVE-2021-3641
CVSS scrore:
6.1 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
Affected vendors:
Bitdefender
Affected products:
Endpoint Security Tools for Windows
Vulnerability details:

Improper Link Resolution Before File Access (‘Link Following’) vulnerability in the EPAG component of Bitdefender Endpoint Security Tools for Windows allows a local attacker to cause a denial of service.

This issue affects Bitdefender Endpoint Security Tools version 7.1.2.33 and prior versions.

Additional details:
An automatic update to a newer version of Bitdefender Bitdefender Endpoint Security Tools for Windows fixes the issue
Credit:
@Kharosx0 working with Trend Micro Zero Day Initiative