Vulnerability CVE-2019-17099


Published: 2020-01-27

Description:
An Untrusted Search Path vulnerability in EPSecurityService.exe as used in Bitdefender Endpoint Security Tools versions prior to 6.6.11.163 allows an attacker to load an arbitrary DLL file from the search path. This issue affects: Bitdefender EPSecurityService.exe versions prior to 6.6.11.163.

Type:

CWE-426

(Untrusted Search Path)

CVSS2 => (AV:L/AC:M/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.4/10
6.4/10
3.4/10
Exploit range
Attack complexity
Authentication
Local
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
Bitdefender -> Endpoint security tools 

 References:
https://www.bitdefender.com/support/security-advisories/untrusted-search-path-vulnerability-epsecurityservice-exe-va-3500/

Copyright 2021, cxsecurity.com

 

Back to Top