CVE-2021-34935

7.8 HIGH

📋 TL;DR

CVE-2021-34935 is a buffer overflow vulnerability in Bentley View's JT file parser that allows remote code execution. Attackers can exploit this by tricking users into opening malicious JT files, potentially compromising their systems. This affects users of Bentley View 10.15.0.75 who open untrusted JT files.

💻 Affected Systems

Products:
  • Bentley View
Versions: 10.15.0.75
Operating Systems: Windows, Linux
Default Config Vulnerable: ⚠️ Yes
Notes: All installations of Bentley View 10.15.0.75 are vulnerable when processing JT files. No special configuration required.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise with attacker gaining full control of the victim's computer, data theft, ransomware deployment, or lateral movement within the network.

🟠 Likely Case

Malware installation leading to data exfiltration, credential theft, or system disruption for individual users who open malicious JT files.

🟢 If Mitigated

Limited impact with proper security controls - potentially isolated to the application process without system-wide compromise if sandboxed.

🌐 Internet-Facing: MEDIUM - Requires user interaction (opening malicious file) but can be delivered via email, downloads, or compromised websites.
🏢 Internal Only: MEDIUM - Internal users could be targeted via phishing or shared malicious files, but requires user interaction.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires user interaction but is straightforward once a malicious JT file is opened. ZDI-CAN-14913 indicates professional vulnerability research.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Update to Bentley View version 10.16.02 or later

Vendor Advisory: https://www.bentley.com/en/common-vulnerability-exposure/BE-2021-0005

Restart Required: Yes

Instructions:

1. Download the latest Bentley View from the official Bentley website.
2. Run the installer.
3. Restart the computer.
4. Verify the version is 10.16.02 or higher.

🔧 Temporary Workarounds

Disable JT file association (Windows)

Remove Bentley View as default handler for .jt files to prevent automatic opening

Windows: Control Panel > Default Programs > Associate a file type or protocol with a program > Change .jt to open with different application

Application sandboxing (all platforms)

Run Bentley View in restricted environment to limit potential damage

🧯 If You Can't Patch

  • Implement strict email filtering to block JT file attachments
  • Use application whitelisting to prevent unauthorized code execution

🔍 How to Verify

Check if Vulnerable:

Check Bentley View version: Open Bentley View > Help > About. If version is exactly 10.15.0.75, system is vulnerable.

Check Version:

On Windows: wmic product where name="Bentley View" get version

Verify Fix Applied:

Verify version is 10.16.02 or higher in Help > About menu.

📡 Detection & Monitoring

Log Indicators:

  • Multiple crashes of Bentley View process
  • Unusual file access patterns for .jt files
  • Process spawning from Bentley View

Network Indicators:

  • Outbound connections from Bentley View to unknown IPs
  • Unusual DNS requests from system running Bentley View

SIEM Query:

(Process:Name="Bentley View" AND (EventID=1000 OR EventID=1001)) OR (FileExtension=".jt" AND ProcessCreation)
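
The log indicators and SIEM query above can be tightened by correlating them instead of matching each one alone. The following Python sketch is an added example, not code from the vendor or the original page: it raises an alert only when a Bentley View crash (EventID 1000/1001) or a child process follows a .jt open on the same host within a time window. The event field names, the five-minute window and the sample events are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

VIEWER = "Bentley View"         # process name as written in the page's SIEM query
WINDOW = timedelta(minutes=5)   # assumed correlation window

# Constructed sample events; the field names are assumptions, not a real log schema.
EVENTS = [
    {"ts": "2021-09-01T10:00:00", "host": "ws1", "type": "file_open",
     "process": VIEWER, "path": r"C:\Users\a\Downloads\part.jt"},
    {"ts": "2021-09-01T10:00:04", "host": "ws1", "type": "app_crash",
     "event_id": 1000, "process": VIEWER},
    {"ts": "2021-09-01T10:00:09", "host": "ws1", "type": "process_create",
     "parent": VIEWER, "process": "cmd.exe"},
    {"ts": "2021-09-01T11:00:00", "host": "ws2", "type": "file_open",
     "process": VIEWER, "path": r"D:\models\bridge.jt"},
    {"ts": "2021-09-01T12:30:00", "host": "ws2", "type": "app_crash",
     "event_id": 1000, "process": VIEWER},          # crash long after the open
    {"ts": "2021-09-01T12:31:00", "host": "ws3", "type": "process_create",
     "parent": "explorer.exe", "process": VIEWER},  # normal launch of the viewer
]

def correlate(events, window=WINDOW):
    """Return (host, reason, jt_path) for viewer crashes or child processes
    that occur within `window` after the viewer opened a .jt file."""
    last_jt = {}   # host -> (time, path) of the most recent .jt open
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts, host = datetime.fromisoformat(ev["ts"]), ev["host"]
        if (ev["type"] == "file_open" and ev["process"] == VIEWER
                and ev["path"].lower().endswith(".jt")):
            last_jt[host] = (ts, ev["path"])
            continue
        if (ev["type"] == "app_crash" and ev["process"] == VIEWER
                and ev.get("event_id") in (1000, 1001)):
            reason = "crash"
        elif ev["type"] == "process_create" and ev.get("parent") == VIEWER:
            reason = "child:" + ev["process"]
        else:
            continue
        opened = last_jt.get(host)
        if opened and ts - opened[0] <= window:
            alerts.append((host, reason, opened[1]))
    return alerts

if __name__ == "__main__":
    for alert in correlate(EVENTS):
        print(alert)
```

The crash on ws2 and the viewer launch on ws3 are deliberately not reported: neither follows a .jt open within the window.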