CVE-2021-3423

Uncontrolled Search Path Element vulnerability in the openssl component as used in Bitdefender GravityZone Business Security allows an attacker to load a third party DLL to elevate privileges. This issue affects Bitdefender GravityZone Business Security versions prior to 6.6.23.329.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 HIGH
LOCAL
HIGH
LOW
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
BitdefenderCNA
7.8 HIGH
LOCAL
HIGH
LOW
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 20%
VendorProductVersion
bitdefendergravityzone_business_security
𝑥
< 6.6.23.329
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.bitdefender.com/support/security-advisories/privilege-escalation-in-bitdefender-gravityzone-business-security-va-9557
https://www.bitdefender.com/support/security-advisories/privilege-escalation-in-bitdefender-gravityzone-business-security-va-9557