CVE-2021-3485

Summary

An Improper Input Validation vulnerability in the Product Update feature of Bitdefender Endpoint Security Tools for Linux allows a man-in-the-middle attacker to abuse the DownloadFile function of the Product Update to achieve remote code execution. This issue affects: Bitdefender Endpoint Security Tools for Linux versions prior to 6.2.21.155.

Affected Software

VendorProductVersion RangeStatus
BitdefenderEndpoint Security Tools for Linuxunspecified < 6.2.21.155affected

Weaknesses

  • CWE-494: CWE-494 Download of Code Without Integrity Check

ADP Enrichment

CVE Program Container

Additional References

References