gsd-2022-0357
Vulnerability from gsd
Modified
2023-12-13 01:19
Details
Unquoted Search Path or Element vulnerability in the Vulnerability Scan component of Bitdefender Total Security, Bitdefender Internet Security, and Bitdefender Antivirus Plus allows an attacker to elevate privileges to SYSTEM. This issue affects: Bitdefender Total Security versions prior to 26.0.10.45. Bitdefender Internet Security versions prior to 26.0.10.45. Bitdefender Antivirus Plus versions prior to 26.0.10.45.
Aliases
Aliases
CVE-2022-0357


To clipboard 

{
  "GSD": {
    "alias": "CVE-2022-0357",
    "id": "GSD-2022-0357"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2022-0357"
      ],
      "details": "Unquoted Search Path or Element vulnerability in the Vulnerability Scan component of Bitdefender Total Security, Bitdefender Internet Security, and Bitdefender Antivirus Plus allows an attacker to elevate privileges to SYSTEM.\n\nThis issue affects:\n\nBitdefender Total Security\nversions prior to 26.0.10.45.\nBitdefender Internet Security\nversions prior to 26.0.10.45.\nBitdefender Antivirus Plus\nversions prior to 26.0.10.45.",
      "id": "GSD-2022-0357",
      "modified": "2023-12-13T01:19:11.195769Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve-requests@bitdefender.com",
        "ID": "CVE-2022-0357",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Total Security",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "26.0.10.45"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Internet Security",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "26.0.10.45"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Antivirus Plus",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "26.0.10.45"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Bitdefender"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Unquoted Search Path or Element vulnerability in the Vulnerability Scan component of Bitdefender Total Security, Bitdefender Internet Security, and Bitdefender Antivirus Plus allows an attacker to elevate privileges to SYSTEM.\n\nThis issue affects:\n\nBitdefender Total Security\nversions prior to 26.0.10.45.\nBitdefender Internet Security\nversions prior to 26.0.10.45.\nBitdefender Antivirus Plus\nversions prior to 26.0.10.45."
          }
        ]
      },
      "generator": {
        "engine": "Vulnogram 0.1.0-dev"
      },
      "impact": {
        "cvss": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "cweId": "CWE-428",
                "lang": "eng",
                "value": "CWE-428 Unquoted Search Path or Element"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.bitdefender.com/support/security-advisories/improper-quoting-path-issue-in-bitdefender-total-security",
            "refsource": "MISC",
            "url": "https://www.bitdefender.com/support/security-advisories/improper-quoting-path-issue-in-bitdefender-total-security"
          }
        ]
      },
      "solution": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "An automatic update to version 26.0.10.45 or higher fixes the issue.\u003cbr\u003e"
            }
          ],
          "value": "An automatic update to version 26.0.10.45 or higher fixes the issue.\n"
        }
      ],
      "source": {
        "defect": [
          "VA-10294"
        ],
        "discovery": "EXTERNAL"
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:bitdefender:total_security:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "26.0.10.45",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:bitdefender:internet_security:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "26.0.10.45",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:bitdefender:antivirus_plus:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "26.0.10.45",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve-requests@bitdefender.com",
          "ID": "CVE-2022-0357"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Unquoted Search Path or Element vulnerability in the Vulnerability Scan component of Bitdefender Total Security, Bitdefender Internet Security, and Bitdefender Antivirus Plus allows an attacker to elevate privileges to SYSTEM.\n\nThis issue affects:\n\nBitdefender Total Security\nversions prior to 26.0.10.45.\nBitdefender Internet Security\nversions prior to 26.0.10.45.\nBitdefender Antivirus Plus\nversions prior to 26.0.10.45."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-428"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.bitdefender.com/support/security-advisories/improper-quoting-path-issue-in-bitdefender-total-security",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://www.bitdefender.com/support/security-advisories/improper-quoting-path-issue-in-bitdefender-total-security"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2023-05-31T19:29Z",
      "publishedDate": "2023-05-24T08:15Z"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.