CVE-2021-34927
📋 TL;DR
CVE-2021-34927 is a buffer overflow vulnerability in Bentley View's JT file parser that allows remote code execution. Attackers can exploit this by tricking users into opening malicious JT files, potentially compromising their systems. This affects users of Bentley View version 10.15.0.75.
💻 Affected Systems
- Bentley View
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise with attacker gaining full control of the victim's computer, data theft, and lateral movement within the network.
Likely Case
Local privilege escalation leading to malware installation, data exfiltration, and persistence mechanisms being established on the compromised system.
If Mitigated
Limited impact due to sandboxing or application hardening, potentially resulting in application crash rather than code execution.
🎯 Exploit Status
Exploitation requires user interaction but is technically straightforward once a malicious JT file is crafted.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 10.16.0.80 or later
Vendor Advisory: https://www.bentley.com/en/common-vulnerability-exposure/BE-2021-0005
Restart Required: Yes
Instructions:
1. Download the latest Bentley View installer from the Bentley website.
2. Run the installer as administrator.
3. Follow the installation prompts.
4. Restart the computer after installation completes.
🔧 Temporary Workarounds
Disable JT file association
Platform: Windows. Remove the JT file type association with Bentley View to prevent automatic opening.
Control Panel > Default Programs > Associate a file type or protocol with a program > Select .jt > Change program > Choose different application
Block JT files at perimeter
Platform: All. Configure email/web gateways to block JT file attachments and downloads.
🧯 If You Can't Patch
- Implement application allowlisting to prevent unauthorized applications from executing
- Deploy endpoint detection and response (EDR) solutions to monitor for suspicious file parsing behavior
🔍 How to Verify
Check if Vulnerable:
Check the Bentley View version in Help > About. If the version is exactly 10.15.0.75, the system is vulnerable.
Check Version:
wmic product where name="Bentley View" get version
Verify Fix Applied:
Verify in the Help > About menu that the version is 10.16.0.80 or higher.
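The version check above can be scripted for inventory sweeps. The following PowerShell is an added example, not vendor code or part of the original advisory; it assumes the uninstall registry entry's DisplayName starts with "Bentley View" and that DisplayVersion matches the Help > About value, and the function name Get-BentleyViewStatus is hypothetical.

```powershell
# Added example: classify installed Bentley View builds against the versions
# named on this page. Assumption: the product's DisplayName in the uninstall
# registry key starts with "Bentley View" (the name the wmic query uses).
$FixedVersion      = [version]'10.16.0.80'   # "Patch Version" from this page
$VulnerableVersion = [version]'10.15.0.75'   # affected build from this page

function Get-BentleyViewStatus {
    param([Parameter(Mandatory)][string]$DisplayVersion)

    $parsed = $null
    if (-not [version]::TryParse($DisplayVersion, [ref]$parsed)) {
        return 'Unknown (unparseable version)'
    }
    if ($parsed -ge $FixedVersion)      { return 'Patched' }
    if ($parsed -eq $VulnerableVersion) { return 'Vulnerable' }
    # The page names only one affected build; anything else below the fix
    # is flagged for manual review rather than assumed safe.
    return 'Review (below fixed version)'
}

# Read both the 64-bit and 32-bit uninstall hives. This avoids Win32_Product
# (what "wmic product" queries), which triggers an MSI consistency check on
# every installed package.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like 'Bentley View*' -and $_.DisplayVersion } |
    ForEach-Object {
        [pscustomobject]@{
            Computer = $env:COMPUTERNAME
            Name     = $_.DisplayName
            Version  = $_.DisplayVersion
            Status   = Get-BentleyViewStatus -DisplayVersion $_.DisplayVersion
        }
    }
```

No output means no matching uninstall entry was found on that machine; confirm the DisplayName filter against one known installation before relying on an empty result.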
📡 Detection & Monitoring
Log Indicators:
- Application crashes in Bentley View with JT file parsing errors
- Unusual process creation from Bentley View executable
Network Indicators:
- Downloads of JT files from untrusted sources
- Outbound connections from Bentley View to suspicious IPs
SIEM Query:
source="windows" AND (process_name="BentleyView.exe" AND (event_id=1000 OR event_id=1001)) OR (file_extension=".jt" AND download_source="external")