CVE-2021-34895

7.8 HIGH

📋 TL;DR

CVE-2021-34895 is a use-after-free vulnerability in Bentley View's 3DS file parser that allows remote code execution. Attackers can exploit this by tricking users into opening malicious 3DS files or visiting malicious web pages. This affects users of Bentley View 10.15.0.75 who process untrusted 3DS files.

💻 Affected Systems

Products:
  • Bentley View
Versions: 10.15.0.75
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Requires user interaction to open malicious 3DS file or visit malicious webpage. All default installations of affected version are vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise with attacker gaining the same privileges as the Bentley View process, potentially leading to lateral movement, data theft, or ransomware deployment.

🟠 Likely Case

Local privilege escalation or arbitrary code execution within the context of the current user, enabling malware installation, data exfiltration, or persistence mechanisms.

🟢 If Mitigated

Limited impact due to application sandboxing, network segmentation, or user privilege restrictions preventing full system compromise.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires user interaction but no authentication. ZDI-CAN-14862 suggests proof-of-concept exists in controlled environments.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 10.16.0.80 or later

Vendor Advisory: https://www.bentley.com/en/common-vulnerability-exposure/BE-2021-0004

Restart Required: Yes

Instructions:

1. Download latest Bentley View from official Bentley website.
2. Run installer with administrative privileges.
3. Restart system after installation completes.
4. Verify version is 10.16.0.80 or higher.

🔧 Temporary Workarounds

Disable 3DS file association

Platform: Windows

Remove Bentley View as default handler for .3ds files to prevent automatic exploitation

Control Panel > Default Programs > Associate a file type or protocol with a program > Select .3ds > Change program

Application control policy

Platform: all

Block execution of Bentley View 10.15.0.75 using application whitelisting

🧯 If You Can't Patch

  • Implement network segmentation to isolate Bentley View systems from critical assets
  • Apply principle of least privilege by running Bentley View with restricted user accounts

🔍 How to Verify

Check if Vulnerable:

Check Bentley View version in Help > About dialog. If version is exactly 10.15.0.75, system is vulnerable.

Check Version:

wmic product where name="Bentley View" get version

Verify Fix Applied:

Verify version is 10.16.0.80 or higher in Help > About dialog after patching.
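
The version check above, scripted for use across several hosts. This is an added example, not code from Bentley or from this advisory. It assumes the installer registers a DisplayName containing "Bentley View" under the standard Windows Uninstall registry keys; the function name Get-BentleyViewStatus is hypothetical. It reads the registry rather than the Win32_Product class that wmic product queries, because enumerating Win32_Product triggers a Windows Installer consistency check on every installed MSI package.

```powershell
# Added example: classify installed Bentley View versions against this advisory.
# Assumption: the installer writes a DisplayName containing "Bentley View"
# under the standard Uninstall keys (not confirmed by the advisory).
$vulnerable = [version]'10.15.0.75'   # affected version per this page
$fixed      = [version]'10.16.0.80'   # first patched version per this page

$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Get-BentleyViewStatus {
    param([string]$NamePattern = '*Bentley View*')

    Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like $NamePattern -and $_.DisplayVersion } |
        ForEach-Object {
            $parsed = $null
            # DisplayVersion is free text; do not compare if it fails to parse.
            if (-not [version]::TryParse($_.DisplayVersion, [ref]$parsed)) {
                $status = 'UNKNOWN (unparseable version)'
            } elseif ($parsed -ge $fixed) {
                $status = 'PATCHED'
            } elseif ($parsed -eq $vulnerable) {
                $status = 'VULNERABLE'
            } else {
                # The advisory lists only 10.15.0.75; other older builds need review.
                $status = 'REVIEW (older than fix, not the listed build)'
            }
            [pscustomobject]@{
                Computer = $env:COMPUTERNAME
                Name     = $_.DisplayName
                Version  = $_.DisplayVersion
                Status   = $status
            }
        }
}

$results = @(Get-BentleyViewStatus)
if ($results.Count -eq 0) {
    Write-Output 'Bentley View not found in the Uninstall registry keys.'
} else {
    $results | Format-Table -AutoSize
}
```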

📡 Detection & Monitoring

Log Indicators:

  • Process creation events for Bentley View with suspicious command-line arguments
  • Application crash logs for Bentley View with memory access violations

Network Indicators:

  • Outbound connections from Bentley View process to unknown IPs
  • DNS requests for suspicious domains following Bentley View execution

SIEM Query:

source="windows" AND process_name="BentleyView.exe" AND ((event_id=1 AND command_line="*.3ds*") OR event_id=1000)
