CVE-2021-34931
📋 TL;DR
CVE-2021-34931 is a use-after-free vulnerability in Bentley View's JT file parser that allows remote code execution. Attackers can exploit this by tricking users into opening malicious JT files or visiting malicious web pages. This affects users of Bentley View 10.15.0.75 who process JT files.
💻 Affected Systems
- Bentley View
⚠️ Risk & Real-World Impact
Worst Case
Full system compromise with attacker gaining the same privileges as the Bentley View process, potentially leading to data theft, ransomware deployment, or lateral movement.
Likely Case
Local privilege escalation or arbitrary code execution within the context of the Bentley View application, potentially leading to data exfiltration or further system compromise.
If Mitigated
Limited impact with proper application sandboxing and user privilege restrictions, potentially only application crash or denial of service.
🎯 Exploit Status
Exploitation requires user interaction but is straightforward once a malicious JT file is opened. ZDI-CAN-14909 tracking suggests active research interest.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Update to Bentley View version 10.16.02 or later
Vendor Advisory: https://www.bentley.com/en/common-vulnerability-exposure/BE-2021-0005
Restart Required: Yes
Instructions:
1. Download the latest Bentley View installer from the official Bentley website.
2. Run the installer with administrative privileges.
3. Follow the installation prompts.
4. Restart the system after installation completes.
🔧 Temporary Workarounds
Disable JT file association
Windows: Remove Bentley View as the default handler for .jt files to prevent automatic exploitation
Control Panel > Default Programs > Associate a file type or protocol with a program > Select .jt > Change program > Choose different application
Application sandboxing
Windows: Run Bentley View with reduced privileges using application sandboxing tools
🧯 If You Can't Patch
- Implement strict network segmentation to isolate systems running vulnerable Bentley View
- Deploy application control policies to block execution of untrusted JT files
🔍 How to Verify
Check if Vulnerable:
Check the Bentley View version in Help > About. If the version is 10.15.0.75, the system is vulnerable.
Check Version:
Not applicable - check via GUI in Help > About menu
Verify Fix Applied:
Verify Bentley View version is 10.16.02 or later in Help > About menu.
📡 Detection & Monitoring
Log Indicators:
- Unexpected Bentley View crashes when processing JT files
- Suspicious child processes spawned from Bentley View
Network Indicators:
- Outbound connections from Bentley View to unexpected destinations
- JT file downloads from untrusted sources
SIEM Query:
Process Creation where Parent Process Name contains 'BentleyView.exe' AND Command Line contains suspicious patterns
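The query above, made concrete as an added example (not from the vendor or from this page's source): it scans process-creation records for anything started by BentleyView.exe and ranks the child. The Sysmon Event ID 1 JSON layout, the list of suspicious child images, and every path and timestamp in the sample log are assumptions constructed for illustration.

```python
import json
import ntpath
import re

PARENT = "bentleyview.exe"  # process name taken from the page's SIEM query
# Assumption: interpreters and script hosts a file viewer should never start.
SUSPICIOUS = {"cmd.exe", "powershell.exe", "pwsh.exe", "wscript.exe",
              "cscript.exe", "mshta.exe", "rundll32.exe", "regsvr32.exe"}
JT_ARG = re.compile(r'\.jt(?=["\s]|$)', re.IGNORECASE)

# Constructed events using Sysmon Event ID 1 field names; all paths are made up.
SAMPLE_LOG = r"""
{"EventID":1,"UtcTime":"2021-09-01 10:02:11.120","ParentImage":"C:\\Apps\\BentleyView.exe","ParentCommandLine":"BentleyView.exe C:\\Users\\a\\Downloads\\part.jt","Image":"C:\\Windows\\System32\\cmd.exe","CommandLine":"cmd.exe /c whoami"}
{"EventID":1,"UtcTime":"2021-09-01 10:05:40.004","ParentImage":"C:\\Windows\\explorer.exe","ParentCommandLine":"explorer.exe","Image":"C:\\Apps\\BentleyView.exe","CommandLine":"BentleyView.exe"}
this line is not JSON
{"EventID":1,"UtcTime":"2021-09-01 10:09:02.771","ParentImage":"C:\\APPS\\BENTLEYVIEW.EXE","ParentCommandLine":"BentleyView.exe","Image":"C:\\Apps\\helper.exe","CommandLine":"helper.exe --render"}
"""


def image_name(path):
    """Lower-cased file name of a Windows path (works on any host OS)."""
    return ntpath.basename(path or "").lower()


def find_child_processes(log_text):
    """Return one alert per process created by Bentley View."""
    alerts = []
    for line in log_text.splitlines():
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # blank or malformed record: skip, do not abort the run
        if not isinstance(event, dict) or event.get("EventID") != 1:
            continue
        # Exact, case-insensitive name match; tighter than a 'contains' test.
        if image_name(event.get("ParentImage")) != PARENT:
            continue
        child = image_name(event.get("Image"))
        alerts.append({
            "time": event.get("UtcTime"),
            "child": child,
            "severity": "high" if child in SUSPICIOUS else "review",
            # True when the parent was started on a .jt file, the affected format.
            "jt_open": bool(JT_ARG.search(event.get("ParentCommandLine") or "")),
            "command_line": event.get("CommandLine"),
        })
    return alerts


if __name__ == "__main__":
    for alert in find_child_processes(SAMPLE_LOG):
        print(alert)
```

Children outside the suspicious set are still reported at "review" severity, so a helper process that is normal in a given environment can be allow-listed after it has been seen once.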