CVE-2021-34923 – CVE-2021-34923 is a buffer overflow vulnerabili... (How to Fix)

Q: What is the severity of CVE-2021-34923?

CVE-2021-34923 has a CVSS score of 7.8 (HIGH). CVE-2021-34923 is a buffer overflow vulnerability in Bentley View's JT file parser that allows remote code execution. Attackers can exploit this by tricking users into opening malicious JT files, potentially compromising affected systems. This affects Bentley View version 10.15.0.75 users who process JT files.

📋 TL;DR

CVE-2021-34923 is a buffer overflow vulnerability in Bentley View's JT file parser that allows remote code execution. Attackers can exploit this by tricking users into opening malicious JT files, potentially compromising affected systems. This affects Bentley View version 10.15.0.75 users who process JT files.

💻 Affected Systems

Products:

Bentley View

Versions: 10.15.0.75

Operating Systems: Windows

Default Config Vulnerable: ⚠️ Yes

Notes: Requires user interaction to open malicious JT files. All default installations of affected version are vulnerable.

📦 What is this software?

Bentley View by Bentley

View all CVEs affecting Bentley View →

Microstation by Bentley

View all CVEs affecting Microstation →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise with attacker gaining full control of the affected workstation, potentially leading to lateral movement within the network.

🟠

Likely Case

Local privilege escalation leading to data theft, malware installation, or persistence on the compromised system.

🟢

If Mitigated

Limited impact with proper application sandboxing and user privilege restrictions, potentially only causing application crashes.

🌐 Internet-Facing: MEDIUM

🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Exploitation requires user interaction but is straightforward once malicious file is opened. ZDI has published technical details.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Update to Bentley View version 10.16.0.77 or later

Vendor Advisory: https://www.bentley.com/en/common-vulnerability-exposure/BE-2021-0005

Restart Required: Yes

Instructions:

1. Download latest Bentley View installer from official Bentley website. 2. Run installer with administrative privileges. 3. Follow installation prompts. 4. Restart system after installation completes.

🔧 Temporary Workarounds

Disable JT file association

windows

Remove Bentley View as default handler for JT files to prevent automatic exploitation

Control Panel > Default Programs > Set Default Programs > Select Bentley View > Choose defaults for this program > Uncheck .jt extension

Application sandboxing

windows

Run Bentley View in restricted environment to limit potential damage

🧯 If You Can't Patch

Implement strict file type filtering to block JT files at network perimeter
Educate users to never open JT files from untrusted sources and implement application whitelisting

🔍 How to Verify

Check if Vulnerable:

Check Bentley View version in Help > About dialog. If version is 10.15.0.75, system is vulnerable.

Check Version:

Not applicable - check via GUI Help > About menu

Verify Fix Applied:

Verify version is 10.16.0.77 or later in Help > About dialog and test opening known safe JT files.

📡 Detection & Monitoring

Log Indicators:

Application crashes with memory access violations
Unexpected process creation from Bentley View executable
Failed attempts to open corrupted JT files

Network Indicators:

Downloads of JT files from untrusted sources
Outbound connections from Bentley View to suspicious IPs

SIEM Query:

Process Creation where Image contains 'BentleyView.exe' AND ParentImage contains 'explorer.exe' AND CommandLine contains '.jt'

📊 Metadata

CVE ID: CVE-2021-34923

CVSS v3 Score: 7.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE: CWE-787

Published: January 13, 2022

Last Updated: November 21, 2024

🔗 References

https://www.bentley.com/en/common-vulnerability-exposure/BE-2021-0005 Vendor Advisory
https://www.zerodayinitiative.com/advisories/ZDI-21-1511/ Third Party Advisory,VDB Entry
https://www.bentley.com/en/common-vulnerability-exposure/BE-2021-0005 Vendor Advisory
https://www.zerodayinitiative.com/advisories/ZDI-21-1511/ Third Party Advisory,VDB Entry

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2021-34923, you might also want to check these: