CVE-2021-4199

HIGH

Bitdefender Antivirus Plus - Incorrect Permission Assignment

Title source: rule

Description

Incorrect Permission Assignment for Critical Resource vulnerability in the crash handling component BDReinit.exe as used in Bitdefender Total Security, Internet Security, Antivirus Plus, Endpoint Security Tools for Windows allows a remote attacker to escalate local privileges to SYSTEM. This issue affects: Bitdefender Total Security versions prior to 26.0.10.45. Bitdefender Internet Security versions prior to 26.0.10.45. Bitdefender Antivirus Plus versions prior to 26.0.10.45. Bitdefender Endpoint Security Tools for Windows versions prior to 7.4.3.146.

References (2)

Core 2

Core References

Vendor Advisory x_refsource_misc

https://www.bitdefender.com/support/security-advisories/incorrect-permission-assignment-for-critical-resource-vulnerability-in-bdreinit-exe-va-10017/

Third Party Advisory x_refsource_misc

https://www.zerodayinitiative.com/advisories/ZDI-22-484/

Scores

CVSS v3 7.8

EPSS 0.0058

EPSS Percentile 68.9%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-732

Status published

Products (4)

bitdefender/antivirus_plus < 26.0.3.29

bitdefender/endpoint_security_tools < 7.4.3.146

bitdefender/internet_security < 26.0.3.29

bitdefender/total_security < 26.0.3.29

Published Mar 07, 2022

Tracked Since Feb 18, 2026