Privilege escalation in Bitdefender GravityZone Business Security (VA-9557)

Publication date: May 18th, 2021


CVE ID:
CVE-2021-3423
CVSS score:
7.8 - https://cvssjs.github.io/#CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Affected vendors:
Bitdefender
Affected products:
GravityZone Business Security
Vulnerability details:

Uncontrolled Search Path Element vulnerability in the openssl component as used in Bitdefender GravityZone Business Security allows an attacker to load a third-party DLL to elevate privileges. This issue affects Bitdefender GravityZone Business Security versions prior to 6.6.23.329.

Additional details:
An automatic update to version 6.6.23.329 fixes the issue.