CVE-2021-3579

7.8 HIGH

📋 TL;DR

This vulnerability allows a local attacker to escalate privileges to SYSTEM level on Windows systems by exploiting incorrect default permissions in Bitdefender components. It affects Bitdefender Endpoint Security Tools for Windows and Total Security versions prior to 7.2.1.65, enabling unauthorized access to sensitive system resources.

💻 Affected Systems

Products:
  • Bitdefender Endpoint Security Tools for Windows
  • Bitdefender Total Security
Versions: prior to 7.2.1.65
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the bdservicehost.exe and Vulnerability.Scan.exe components; default installations are vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case: An attacker gains full SYSTEM privileges, allowing complete control over the system, including installing malware, stealing data, or disabling security tools.

🟠 Likely Case: Local privilege escalation leading to persistence, credential theft, or lateral movement within a network.

🟢 If Mitigated: Limited impact if patched or if strong access controls prevent local attacker access.

🌐 Internet-Facing: LOW, as exploitation requires local access to the system.
🏢 Internal Only: HIGH, as internal attackers or malware with local foothold can exploit this to escalate privileges.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires local access but is straightforward due to misconfigured permissions.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 7.2.1.65 or later

Vendor Advisory: https://www.bitdefender.com/support/security-advisories/incorrect-default-permissions-vulnerability-in-bdservicehost-exe-and-vulnerability-scan-exe-va-9848/

Restart Required: Yes

Instructions:

1. Open Bitdefender interface.
2. Check for updates in the settings.
3. Install update to version 7.2.1.65 or higher.
4. Restart the system as prompted.

🔧 Temporary Workarounds

Restrict Local Access (Windows): Limit local user access to systems to reduce attack surface.

🧯 If You Can't Patch

  • Monitor for suspicious privilege escalation attempts using security logs.
  • Implement strict user access controls and least privilege principles.

🔍 How to Verify

Check if Vulnerable:

Check Bitdefender version in the application interface or via command: wmic product where "name like 'Bitdefender%'" get version

Check Version:

wmic product where "name like 'Bitdefender%'" get version

Verify Fix Applied:

Confirm version is 7.2.1.65 or later using the same command or interface.

📡 Detection & Monitoring

Log Indicators:

  • Unusual process creation by bdservicehost.exe or Vulnerability.Scan.exe
  • Privilege escalation events in Windows Security logs

Network Indicators:

  • None, as this is a local exploit

SIEM Query:

EventID=4688 AND (ProcessName='bdservicehost.exe' OR ProcessName='Vulnerability.Scan.exe') AND NewProcessName contains 'SYSTEM'
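
One way to apply the process-creation indicator above to exported Windows Security events, as an added example that is not part of the original advisory or vendor tooling. It assumes each event is a dict using the 4688 field names SubjectUserSid, ParentProcessName, NewProcessName and CommandLine; the baseline of expected child processes and all sample events are hypothetical and constructed.

```python
import ntpath

# Component names come from the advisory above; matching is case-insensitive.
WATCHED_PARENTS = {"bdservicehost.exe", "vulnerability.scan.exe"}
SYSTEM_SID = "S-1-5-18"  # well-known SID of the LocalSystem account


def image_name(path):
    """Lower-cased file name of a Windows path, on any host OS."""
    return ntpath.basename(path or "").lower()


def review_4688(event, expected_children=frozenset()):
    """Return a finding dict for a process-creation event worth triage, else None.

    expected_children is a hypothetical, site-specific baseline of child image
    names that are normal for these parents; it is not vendor data.
    """
    if str(event.get("EventID")) != "4688":
        return None
    parent = image_name(event.get("ParentProcessName"))
    child = image_name(event.get("NewProcessName"))
    if parent not in WATCHED_PARENTS or child in expected_children:
        return None
    return {
        "parent": parent,
        "child": child,
        # SubjectUserSid is the account of the creating process.
        "created_by_system": event.get("SubjectUserSid") == SYSTEM_SID,
        "command_line": event.get("CommandLine", ""),
    }


# Constructed sample events (paths and values are made up for this example).
SAMPLE_EVENTS = [
    {"EventID": 4688, "SubjectUserSid": "S-1-5-18",
     "ParentProcessName": r"C:\Example\bdservicehost.exe",
     "NewProcessName": r"C:\Windows\System32\cmd.exe", "CommandLine": "cmd.exe"},
    {"EventID": 4688, "SubjectUserSid": "S-1-5-21-1-2-3-1001",
     "ParentProcessName": r"C:\Windows\explorer.exe",
     "NewProcessName": r"C:\Windows\System32\notepad.exe"},
    {"EventID": 4688, "SubjectUserSid": "S-1-5-18",
     "ParentProcessName": r"C:\Example\Vulnerability.Scan.exe",
     "NewProcessName": r"C:\Example\baselined-helper.exe"},
    {"EventID": 4624, "SubjectUserSid": "S-1-5-18"},
]


def triage(events, expected_children=frozenset()):
    """Collect findings for every event that review_4688 flags."""
    return [f for f in (review_4688(e, expected_children) for e in events) if f]
```

Events only carry ParentProcessName on Windows 10 / Server 2016 and later, and CommandLine is populated only when command-line auditing for process creation is enabled.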
