CVE-2021-34913

7.8 HIGH

📋 TL;DR

CVE-2021-34913 is a buffer overflow vulnerability in Bentley View's JT file parser that allows remote code execution. Attackers can exploit it by tricking users into opening malicious JT files, potentially compromising affected systems. Users of vulnerable Bentley View versions are at risk.

💻 Affected Systems

Products:
  • Bentley View
Versions: 10.15.0.75 and earlier versions
Operating Systems: Windows, Linux
Default Config Vulnerable: ⚠️ Yes
Notes: All installations of affected versions are vulnerable when processing JT files.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise with attacker gaining full control over the affected system, data theft, and lateral movement within the network.

🟠 Likely Case

Local privilege escalation leading to data exfiltration, installation of malware, or ransomware deployment on the affected workstation.

🟢 If Mitigated

Limited impact with proper network segmentation and application sandboxing, potentially only crashing the Bentley View application.

🌐 Internet-Facing: MEDIUM - Requires user interaction to open malicious files, but can be delivered via email attachments or compromised websites.
🏢 Internal Only: MEDIUM - Internal users could be targeted via phishing or shared network drives containing malicious JT files.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires user interaction but is straightforward once a malicious JT file is opened. ZDI has confirmed the vulnerability.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Bentley View 10.16.0.80 or later

Vendor Advisory: https://www.bentley.com/en/common-vulnerability-exposure/BE-2021-0005

Restart Required: Yes

Instructions:

1. Download the latest Bentley View from the official Bentley website.
2. Run the installer.
3. Restart the system after installation completes.

🔧 Temporary Workarounds

Disable JT file association

windows

Remove Bentley View as the default handler for JT files so that opening a JT file does not launch the vulnerable parser automatically.

Control Panel > Default Programs > Associate a file type or protocol with a program > Select .jt > Change program > Choose different application

Application sandboxing

all

Run Bentley View in a restricted environment to limit potential damage.

🧯 If You Can't Patch

  • Implement strict email filtering for JT file attachments
  • Block JT file downloads from untrusted sources via web proxy

🔍 How to Verify

Check if Vulnerable:

Check the Bentley View version in the Help > About dialog. If the version is 10.15.0.75 or earlier, the system is vulnerable.

Check Version:

Not applicable - check via GUI Help > About menu

Verify Fix Applied:

Verify that the version shown in the Help > About dialog is 10.16.0.80 or later.

📡 Detection & Monitoring

Log Indicators:

  • Application crashes when opening JT files
  • Unusual process creation from Bentley View executable

Network Indicators:

  • Unexpected outbound connections from Bentley View process
  • JT file downloads from suspicious sources

SIEM Query:

Process Creation where Image contains 'bentley' AND ParentImage contains 'explorer' AND CommandLine contains '.jt'
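
The SIEM query and the "unusual process creation" indicator above, written out in Python as an added example (not part of the original advisory or any vendor tooling). Field names follow the page's query; the sample events, paths, host names, the 5-minute window and the severity labels are constructed assumptions.

```python
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=5)  # assumption: correlation window, tune locally

def _has(event, field, needle):
    """Case-insensitive 'contains', as in the page's SIEM query."""
    return needle in event.get(field, "").lower()

def is_jt_open(e):
    # The page's query: Image contains 'bentley' AND ParentImage contains
    # 'explorer' AND CommandLine contains '.jt'
    return (_has(e, "Image", "bentley") and _has(e, "ParentImage", "explorer")
            and _has(e, "CommandLine", ".jt"))

def is_bentley_child(e):
    # "Unusual process creation from Bentley View executable": here, any
    # child whose own image is not a Bentley binary (assumption).
    return _has(e, "ParentImage", "bentley") and not _has(e, "Image", "bentley")

def triage(events):
    """Return (severity, host, image) alerts, oldest event first."""
    last_open = {}  # host -> time of the most recent JT open
    alerts = []
    for e in sorted(events, key=lambda ev: ev["UtcTime"]):
        t = datetime.fromisoformat(e["UtcTime"])
        if is_jt_open(e):
            last_open[e["Host"]] = t
            alerts.append(("info", e["Host"], e["Image"]))
        elif is_bentley_child(e):
            opened = last_open.get(e["Host"])
            sev = "high" if opened and t - opened <= WINDOW else "medium"
            alerts.append((sev, e["Host"], e["Image"]))
    return alerts

# Constructed sample events (paths and host names are placeholders).
SAMPLE = [
    {"Host": "ws1", "UtcTime": "2021-09-01T10:00:00",
     "Image": r"C:\Program Files\Bentley\View\View.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": r'View.exe "C:\Users\a\Downloads\part.jt"'},
    {"Host": "ws1", "UtcTime": "2021-09-01T10:00:20",
     "Image": r"C:\Windows\System32\cmd.exe",
     "ParentImage": r"C:\Program Files\Bentley\View\View.exe",
     "CommandLine": "cmd.exe"},
    {"Host": "ws2", "UtcTime": "2021-09-01T11:00:00",
     "Image": r"C:\Windows\System32\notepad.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": r'notepad.exe "C:\notes.jt.txt"'},
]
```

Calling triage(SAMPLE) returns an info alert for the JT open on ws1 and a high alert for the child process 20 seconds later; the notepad event on ws2 matches neither rule.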
