CVE-2021-3576
HIGH
Bitdefender <7.2.1.65, <25.0.26 - Privilege Escalation
Title source: llm
Description
Execution with Unnecessary Privileges vulnerability in Bitdefender Endpoint Security Tools, Total Security allows a local attacker to elevate to 'NT AUTHORITY\System'. Impersonation enables the server thread to perform actions on behalf of the client but within the limits of the client's security context. This issue affects: Bitdefender Endpoint Security Tools versions prior to 7.2.1.65. Bitdefender Total Security versions prior to 25.0.26.
References (3)
Core References
Vendor Advisory x_refsource_misc
https://www.bitdefender.com/support/security-advisories/privilege-escalation-via-seimpersonateprivilege-in-bitdefender-endpoint-security-tools-va-9848/
Third Party Advisory, VDB Entry x_refsource_misc
https://www.zerodayinitiative.com/advisories/ZDI-21-1276/
Third Party Advisory, VDB Entry x_refsource_misc
https://www.zerodayinitiative.com/advisories/ZDI-21-1376/
Scores
CVSS v3: 7.8
EPSS: 0.0094
EPSS Percentile: 56.2%
Attack Vector: LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE: CWE-269, CWE-250
Status: published
Products (2)
bitdefender/endpoint_security_tools < 7.2.1.65
bitdefender/total_security < 25.0.26
Published: Oct 28, 2021
Tracked Since: Feb 18, 2026