CVE Tools
Sign in

CVE-2021-3554

Published: Nov 24, 2021Updated: Nov 21, 2024 Sources: CVE List NVDCWE-284
NVD MITRE
9.0CVSSCRITICAL
EPSS Score
2.7%
Top 16.1%
CISA KEV
Not in KEV
Exploits
No Known Exploits
Remediation
Workaround Only

Description

Improper Access Control vulnerability in the patchesUpdate API as implemented in Bitdefender Endpoint Security Tools for Linux as a relay role allows an attacker to manipulate the remote address used for pulling patches. This issue affects: Bitdefender Endpoint Security Tools for Linux versions prior to 6.6.27.390; versions prior to 7.1.2.33. Bitdefender Unified Endpoint versions prior to 6.2.21.160. Bitdefender GravityZone versions prior to 6.24.1-1.

CVSS Vector Breakdown

AV:NAC:HPR:NUI:NS:CC:HI:HA:H
Exploitability
AV:NAttack Vector
Network
AC:HAttack Complexity
High
PR:NPrivileges Required
None
UI:NUser Interaction
None
Scope
S:CScope
Changed
Impact
C:HConfidentiality
High
I:HIntegrity
High
A:HAvailability
High
Open in CVSS calculator →

Weaknesses

CWE-284NVD-CWE-Other

Affected Products

endpoint security toolsbitdefenderSecurity Products
gravityzonebitdefenderSecurity Products
Endpoint Security Tools for LinuxBitdefenderSecurity Products
Unified EndpointBitdefenderSecurity Products
GravityZoneBitdefenderSecurity Products
bitdefendercommercialROSecurity Products

Exploitability

Workaround Available

References

https://www.bitdefender.com/support/security-advisories/improper-access-control-vulnerability-patchesupdate-api-va-9825
bitdefender.com

Timeline

Published
Nov 24, 2021
Last Updated
Nov 21, 2024

Unlock Complete Vulnerability Intelligence

Get the full picture for CVE-2021-3554 and every CVE in our database. Create a free account — no credit card required.

Create Free Account
Plain-language analysis
Impact assessment and exploitation scenario in plain English
Attack graph visualization
Interactive attack path and kill chain mapping
Exploit details & PoC links
ExploitDB, Metasploit, GitHub PoCs with direct links
Nuclei scanner templates
Ready-to-use vulnerability scanner templates
Full remediation guide
Patch instructions, workarounds, and compliance impact
Interactive AI chat
Ask questions about this vulnerability in natural language
Related vulnerabilities
Semantically similar CVEs and attack patterns
REST API & MCP access
Integrate vulnerability data into your workflows