CVE-2022-0357 - OpenCVE

Unquoted Search Path or Element vulnerability in the Vulnerability Scan component of Bitdefender Total Security, Bitdefender Internet Security, and Bitdefender Antivirus Plus allows an attacker to elevate privileges to SYSTEM. This issue affects: Bitdefender Total Security versions prior to 26.0.10.45. Bitdefender Internet Security versions prior to 26.0.10.45. Bitdefender Antivirus Plus versions prior to 26.0.10.45.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Bitdefender	Antivirus Plus Internet Security Total Security

Configuration 1 [-]

OR	cpe:2.3:a:bitdefender:antivirus_plus::::::::
	cpe:2.3:a:bitdefender:internet_security::::::::
	cpe:2.3:a:bitdefender:total_security::::::::

No data.

References

Link	Providers
https://www.bitdefender.com/support/security-advisories/improper-quoting-path-issue-in-bitdefender-total-security

History

No history.

MITRE

Status: PUBLISHED

Assigner: Bitdefender

Published: 2023-05-24T07:53:32.812Z

Updated: 2024-08-02T23:25:40.531Z

Reserved: 2022-01-25T08:33:57.125Z

Link: CVE-2022-0357

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2023-05-24T08:15:08.957

Modified: 2023-05-31T19:29:13.683

Link: CVE-2022-0357

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-0357", "assignerOrgId": "b3d5ebe7-963e-41fb-98e1-2edaeabb8f82", "state": "PUBLISHED", "assignerShortName": "Bitdefender", "dateReserved": "2022-01-25T08:33:57.125Z", "datePublished": "2023-05-24T07:53:32.812Z", "dateUpdated": "2024-08-02T23:25:40.531Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Total Security", "vendor": "Bitdefender", "versions": [{"status": "affected", "version": "26.0.10.45"}]}, {"defaultStatus": "unaffected", "product": "Internet Security", "vendor": "Bitdefender", "versions": [{"status": "affected", "version": "26.0.10.45"}]}, {"defaultStatus": "unaffected", "product": "Antivirus Plus", "vendor": "Bitdefender", "versions": [{"status": "affected", "version": "26.0.10.45"}]}], "datePublic": "2023-05-24T09:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Unquoted Search Path or Element vulnerability in the Vulnerability Scan component of Bitdefender Total Security, Bitdefender Internet Security, and Bitdefender Antivirus Plus allows an attacker to elevate privileges to SYSTEM.<br><br>This issue affects:<br><br>Bitdefender Total Security<br>versions prior to 26.0.10.45.<br>Bitdefender Internet Security<br>versions prior to 26.0.10.45.<br>Bitdefender Antivirus Plus<br>versions prior to 26.0.10.45."}], "value": "Unquoted Search Path or Element vulnerability in the Vulnerability Scan component of Bitdefender Total Security, Bitdefender Internet Security, and Bitdefender Antivirus Plus allows an attacker to elevate privileges to SYSTEM.\n\nThis issue affects:\n\nBitdefender Total Security\nversions prior to 26.0.10.45.\nBitdefender Internet Security\nversions prior to 26.0.10.45.\nBitdefender Antivirus Plus\nversions prior to 26.0.10.45."}], "impacts": [{"capecId": "CAPEC-38", "descriptions": [{"lang": "en", "value": "CAPEC-38 Leveraging/Manipulating Configuration File Search Paths"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-428", "description": "CWE-428 Unquoted Search Path or Element", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "b3d5ebe7-963e-41fb-98e1-2edaeabb8f82", "shortName": "Bitdefender", "dateUpdated": "2023-05-24T07:53:32.812Z"}, "references": [{"url": "https://www.bitdefender.com/support/security-advisories/improper-quoting-path-issue-in-bitdefender-total-security"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "An automatic update to version 26.0.10.45 or higher fixes the issue.<br>"}], "value": "An automatic update to version 26.0.10.45 or higher fixes the issue.\n"}], "source": {"defect": ["VA-10294"], "discovery": "EXTERNAL"}, "title": "Improper Quoting Path Issue in Bitdefender Total Security", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T23:25:40.531Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.bitdefender.com/support/security-advisories/improper-quoting-path-issue-in-bitdefender-total-security", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:bitdefender:antivirus_plus:*:*:*:*:*:*:*:*", "matchCriteriaId": "AF0B6471-635E-483D-9BC5-DBDD00C9B90C", "versionEndExcluding": "26.0.10.45", "vulnerable": true}, {"criteria": "cpe:2.3:a:bitdefender:internet_security:*:*:*:*:*:*:*:*", "matchCriteriaId": "CE68669B-FBEC-4060-B97A-845BA269B8ED", "versionEndExcluding": "26.0.10.45", "vulnerable": true}, {"criteria": "cpe:2.3:a:bitdefender:total_security:*:*:*:*:*:*:*:*", "matchCriteriaId": "02A583B6-D71B-4F97-AC44-362F8D1008FB", "versionEndExcluding": "26.0.10.45", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Unquoted Search Path or Element vulnerability in the Vulnerability Scan component of Bitdefender Total Security, Bitdefender Internet Security, and Bitdefender Antivirus Plus allows an attacker to elevate privileges to SYSTEM.\n\nThis issue affects:\n\nBitdefender Total Security\nversions prior to 26.0.10.45.\nBitdefender Internet Security\nversions prior to 26.0.10.45.\nBitdefender Antivirus Plus\nversions prior to 26.0.10.45."}], "id": "CVE-2022-0357", "lastModified": "2023-05-31T19:29:13.683", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 5.9, "source": "cve-requests@bitdefender.com", "type": "Secondary"}]}, "published": "2023-05-24T08:15:08.957", "references": [{"source": "cve-requests@bitdefender.com", "tags": ["Vendor Advisory"], "url": "https://www.bitdefender.com/support/security-advisories/improper-quoting-path-issue-in-bitdefender-total-security"}], "sourceIdentifier": "cve-requests@bitdefender.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-428"}], "source": "cve-requests@bitdefender.com", "type": "Primary"}]}