CVE-2021-46655

7.8 HIGH

📋 TL;DR

CVE-2021-46655 is a use-after-free vulnerability in Bentley View's JT file parser that allows remote code execution. Attackers can exploit this by tricking users into opening malicious JT files or visiting malicious web pages. Users of affected Bentley View versions are at risk.

💻 Affected Systems

Products:
  • Bentley View
Versions: 10.15.0.75 and earlier
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in the JT file parsing component. All installations with default configurations are vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full system compromise with attacker gaining the same privileges as the current user, potentially leading to data theft, ransomware deployment, or lateral movement.

🟠 Likely Case

Arbitrary code execution in the context of the current user, allowing file system access, credential harvesting, and installation of malware.

🟢 If Mitigated

Limited impact with proper application sandboxing and user privilege restrictions, potentially only affecting the application process.

🌐 Internet-Facing: MEDIUM - Requires user interaction (opening malicious file/website) but can be delivered via email attachments or compromised websites.
🏢 Internal Only: MEDIUM - Internal users could be targeted via phishing or shared malicious files on network drives.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires user interaction but no authentication. The vulnerability was discovered by Zero Day Initiative (ZDI-CAN-15630).

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 10.16.0.61 or later

Vendor Advisory: https://www.bentley.com/en/common-vulnerability-exposure/BE-2021-0005

Restart Required: Yes

Instructions:

1. Download Bentley View version 10.16.0.61 or later from Bentley's official website.
2. Run the installer.
3. Restart the system after installation completes.

🔧 Temporary Workarounds

Disable JT file association

Platform: Windows

Remove the file association for .jt files to prevent automatic opening in Bentley View

Control Panel > Default Programs > Associate a file type or protocol with a program > Select .jt > Change program > Choose another application

Application sandboxing

Platform: Windows

Run Bentley View in a sandboxed environment to limit potential damage

🧯 If You Can't Patch

  • Implement strict email filtering to block JT file attachments
  • Use application control policies to restrict execution of Bentley View to trusted locations only

🔍 How to Verify

Check if Vulnerable:

Check Bentley View version: Open Bentley View > Help > About. If version is 10.15.0.75 or earlier, the system is vulnerable.

Check Version:

In Bentley View: Help > About

Verify Fix Applied:

Verify Bentley View version is 10.16.0.61 or later. Test opening known-safe JT files to ensure functionality is preserved.

📡 Detection & Monitoring

Log Indicators:

  • Application crashes in Bentley View with JT file access
  • Unusual process creation from Bentley View executable

Network Indicators:

  • Downloads of JT files from untrusted sources
  • Outbound connections from Bentley View to suspicious IPs

SIEM Query:

Process Creation where Image contains 'BentleyView.exe' AND ParentImage contains 'explorer.exe' AND CommandLine contains '.jt'
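
The query and the log indicators above can be applied to exported process-creation events as follows. This is an added example, not code from this page or from Bentley: the field names (Image, ParentImage, CommandLine) and the executable name come from the query, while the install path, the untrusted-location hints, the empty child allowlist and the sample events are assumptions constructed for illustration.

```python
import re

VIEWER = "bentleyview.exe"  # executable name taken from the page's SIEM query
EXPECTED_CHILDREN = set()   # assumption: fill with helper processes from your baseline
# Assumption: path fragments treated as untrusted .jt sources; tune per environment.
RISKY_HINTS = ("\\downloads\\", "\\appdata\\local\\temp\\", "\\content.outlook\\")
# A .jt path in a command line, either quoted (may contain spaces) or bare.
JT_ARG = re.compile(r'"([^"]+\.jt)"|(\S+\.jt)(?=\s|$)', re.IGNORECASE)

def basename(path):
    """Lower-cased file name, so matching is exact rather than 'contains'."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def jt_path(command_line):
    m = JT_ARG.search(command_line)
    return (m.group(1) or m.group(2)) if m else None

def triage(event):
    """Return the findings for one process-creation event (Sysmon-style fields)."""
    findings = []
    image = basename(event.get("Image", ""))
    parent = basename(event.get("ParentImage", ""))
    path = jt_path(event.get("CommandLine", ""))
    # Bentley View opening a .jt file, from any parent (broader than explorer.exe).
    if image == VIEWER and path:
        low = path.lower()
        risky = low.startswith("\\\\") or any(h in low for h in RISKY_HINTS)
        findings.append("jt_open_untrusted" if risky else "jt_open")
    # The "unusual process creation from Bentley View executable" indicator.
    if parent == VIEWER and image not in EXPECTED_CHILDREN:
        findings.append("viewer_spawned_child")
    return findings

BV = r"C:\Program Files\Bentley\Bentley View\BentleyView.exe"  # constructed path
EXPLORER = r"C:\Windows\explorer.exe"
SAMPLE_EVENTS = [  # constructed events, not real telemetry
    {"Image": BV, "ParentImage": EXPLORER,
     "CommandLine": f'"{BV}" "C:\\Users\\alice\\Downloads\\bracket.jt"'},
    {"Image": BV, "ParentImage": EXPLORER,
     "CommandLine": f'"{BV}" D:\\Projects\\plant\\pump.jt'},
    {"Image": r"C:\Windows\System32\cmd.exe", "ParentImage": BV,
     "CommandLine": "cmd.exe"},
    {"Image": r"C:\Windows\System32\notepad.exe", "ParentImage": EXPLORER,
     "CommandLine": "notepad.exe notes.txt"},
]

if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        print(basename(ev["Image"]), triage(ev))
```

A `viewer_spawned_child` finding that follows a `jt_open_untrusted` finding on the same host is the combination worth escalating; a plain `jt_open` is expected activity and serves only as context.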