CVE-2022-0357

Unquoted Search Path or Element vulnerability in the Vulnerability Scan component of Bitdefender Total Security, Bitdefender Internet Security, and Bitdefender Antivirus Plus allows an attacker to elevate privileges to SYSTEM. This issue affects: Bitdefender Total Security versions prior to 26.0.10.45. Bitdefender Internet Security versions prior to 26.0.10.45. Bitdefender Antivirus Plus versions prior to 26.0.10.45.

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.bitdefender.com/support/security-advisories/improper-quoting-path-issue-in-bitdefender-total-security	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:bitdefender:antivirus_plus::::::::
	cpe:2.3:a:bitdefender:internet_security::::::::
	cpe:2.3:a:bitdefender:total_security::::::::

History

31 May 2023, 19:29

Type	Values Removed	Values Added
First Time		Bitdefender antivirus Plus Bitdefender total Security Bitdefender Bitdefender internet Security
CPE		cpe:2.3:a:bitdefender:internet_security:::::::: cpe:2.3:a:bitdefender:total_security:::::::: cpe:2.3:a:bitdefender:antivirus_plus::::::::
References	~~(MISC) https://www.bitdefender.com/support/security-advisories/improper-quoting-path-issue-in-bitdefender-total-security -~~	(MISC) https://www.bitdefender.com/support/security-advisories/improper-quoting-path-issue-in-bitdefender-total-security - Vendor Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.8

24 May 2023, 08:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-05-24 08:15

Updated : 2023-12-10 15:01

NVD link : CVE-2022-0357

Mitre link : CVE-2022-0357

CVE.ORG link : CVE-2022-0357

JSON object : View

Products Affected

bitdefender

total_security
antivirus_plus
internet_security

CWE

CWE-428

Unquoted Search Path or Element

{"id": "CVE-2022-0357", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}, {"type": "Secondary", "source": "cve-requests@bitdefender.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.7, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.8}]}, "published": "2023-05-24T08:15:08.957", "references": [{"url": "https://www.bitdefender.com/support/security-advisories/improper-quoting-path-issue-in-bitdefender-total-security", "tags": ["Vendor Advisory"], "source": "cve-requests@bitdefender.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "cve-requests@bitdefender.com", "description": [{"lang": "en", "value": "CWE-428"}]}], "descriptions": [{"lang": "en", "value": "Unquoted Search Path or Element vulnerability in the Vulnerability Scan component of Bitdefender Total Security, Bitdefender Internet Security, and Bitdefender Antivirus Plus allows an attacker to elevate privileges to SYSTEM.\n\nThis issue affects:\n\nBitdefender Total Security\nversions prior to 26.0.10.45.\nBitdefender Internet Security\nversions prior to 26.0.10.45.\nBitdefender Antivirus Plus\nversions prior to 26.0.10.45."}], "lastModified": "2023-05-31T19:29:13.683", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:bitdefender:antivirus_plus:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AF0B6471-635E-483D-9BC5-DBDD00C9B90C", "versionEndExcluding": "26.0.10.45"}, {"criteria": "cpe:2.3:a:bitdefender:internet_security:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CE68669B-FBEC-4060-B97A-845BA269B8ED", "versionEndExcluding": "26.0.10.45"}, {"criteria": "cpe:2.3:a:bitdefender:total_security:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "02A583B6-D71B-4F97-AC44-362F8D1008FB", "versionEndExcluding": "26.0.10.45"}], "operator": "OR"}]}], "sourceIdentifier": "cve-requests@bitdefender.com"}