Attackers could attack systems with Bitdefender Endpoint Security Tools due to three security holes. The antivirus software is available for Linux, macOS and Windows. The installation of repaired versions should take place automatically.
One is considered to be particularly dangerous as “critical“Classified vulnerability (CVE-2021-3554) in the Linux version of the protection software. An attacker could be loud due to insufficient access restrictions the details of a warning message access the patchesUpdate API. It should then be possible to manipulate the update address. It is not currently clear from the description whether attackers can use this method to impose malicious code updates on victims after a successful attack.
The other two vulnerabilities (CVE-2021-3553, CVE-2021-3554) are each marked with “middle“Classified. If an attack (SSFR) works, attackers should be able to abuse the Endpoint Protection Relay as a proxy for remote hosts.
The versions are against the attacks described 18.104.22.168 and 22.214.171.1240 secured. All previous editions are said to be vulnerable.