CVE-2021-34925

7.8 HIGH

📋 TL;DR

CVE-2021-34925 is a stack-based buffer overflow vulnerability in Bentley View's JT file parser that allows remote code execution. Attackers can exploit this by tricking users into opening malicious JT files or visiting malicious web pages. Users of affected Bentley View versions are vulnerable.

💻 Affected Systems

Products:
  • Bentley View
Versions: 10.15.0.75 and earlier
Operating Systems: Windows, Linux
Default Config Vulnerable: ⚠️ Yes
Notes: All installations with JT file parsing capability are vulnerable by default.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise, with the attacker executing arbitrary code with the same privileges as the Bentley View process, potentially leading to data theft, ransomware deployment, or lateral movement.

🟠 Likely Case

Malware installation or data exfiltration when users open malicious JT files from untrusted sources.

🟢 If Mitigated

Limited impact with proper application sandboxing and user privilege restrictions, potentially only an application crash.

🌐 Internet-Facing: MEDIUM - Requires user interaction (opening malicious file) but can be delivered via web downloads or email attachments.
🏢 Internal Only: MEDIUM - Internal users could be targeted via phishing or compromised internal file shares.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires user interaction, but the vulnerability itself is straightforward to exploit once a malicious JT file is crafted.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Bentley View 10.16.0.80 and later

Vendor Advisory: https://www.bentley.com/en/common-vulnerability-exposure/BE-2021-0005

Restart Required: Yes

Instructions:

1. Download the latest Bentley View from the official Bentley website.
2. Run the installer.
3. Restart the system after installation completes.

🔧 Temporary Workarounds

Disable JT file association (Windows)

Remove the file type association for .jt files to prevent them from opening automatically in Bentley View.

Windows: Control Panel > Default Programs > Associate a file type or protocol with a program > Select .jt > Change program > Choose different application

Application sandboxing (all platforms)

Run Bentley View in a restricted environment or sandbox.

🧯 If You Can't Patch

  • Implement strict email filtering for JT file attachments
  • Use application control to restrict Bentley View from accessing untrusted network locations

🔍 How to Verify

Check if Vulnerable:

Check Bentley View version in Help > About dialog

Check Version:

Windows: wmic product where name="Bentley View" get version

Verify Fix Applied:

Verify version is 10.16.0.80 or higher after update

📡 Detection & Monitoring

Log Indicators:

  • Application crashes with memory access violations
  • Unexpected process creation from Bentley View

Network Indicators:

  • Downloads of JT files from suspicious sources
  • Outbound connections from Bentley View to unknown IPs

SIEM Query:

Process Creation where Image contains "BentleyView.exe" and ParentImage not in ("explorer.exe", "cmd.exe")
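
The SIEM query and the "Unexpected process creation from Bentley View" log indicator above, written out as an added Python example (not part of the original advisory or of any vendor tooling). It assumes Sysmon-style process-creation events whose Image and ParentImage fields hold full paths; the sample events, host names and install paths are constructed.

```python
import ntpath

# Values taken from the page's SIEM query.
TARGET = "bentleyview.exe"
EXPECTED_PARENTS = {"explorer.exe", "cmd.exe"}


def _base(path):
    """Lower-cased file name of a Windows path (logs usually store full paths)."""
    return ntpath.basename(path or "").lower()


def classify(event):
    """Return the list of findings for one process-creation event."""
    findings = []
    image, parent = _base(event.get("Image")), _base(event.get("ParentImage"))
    # Page's SIEM query: Bentley View started by something other than the shell.
    if TARGET in image and parent not in EXPECTED_PARENTS:
        findings.append("unusual_parent")
    # Page's log indicator: a process created by Bentley View itself.
    if TARGET in parent and TARGET not in image:
        findings.append("child_of_viewer")
    return findings


# Constructed sample events (not real telemetry); all paths are assumptions.
SAMPLE_EVENTS = [
    {"Host": "ws01", "Image": r"C:\Program Files\Bentley\BentleyView.exe",
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"Host": "ws02", "Image": r"C:\Program Files\Bentley\BentleyView.exe",
     "ParentImage": r"C:\Program Files\Mail\mailclient.exe"},
    {"Host": "ws02", "Image": r"C:\Windows\System32\cmd.exe",
     "ParentImage": r"C:\Program Files\Bentley\BentleyView.exe"},
    {"Host": "ws03", "Image": r"C:\Windows\System32\notepad.exe",
     "ParentImage": r"C:\Windows\explorer.exe"},
]


def scan(events):
    """Return (host, findings) for every event that matched a rule."""
    return [(e["Host"], f) for e in events if (f := classify(e))]


if __name__ == "__main__":
    for host, findings in scan(SAMPLE_EVENTS):
        print(host, ",".join(findings))
```

Comparing on the file name rather than the whole field matters here: when the log stores full paths, a literal comparison of ParentImage against "explorer.exe" never matches, so every normal launch would raise an alert.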
