Cyber Resilience

CVE-2021-4198

Medium

Published: 07 March 2022

Modified: 21 November 2024
CVSS Score v3.1: 6.1 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H)
EPSS Score: 0.0013 (32.3th percentile)
Risk Priority: 12 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2021-4198 is a medium-severity NULL Pointer Dereference (CWE-476) vulnerability in Bitdefender Antivirus Plus. Its CVSS base score is 6.1 (Medium).

Operationally, it ranks at the 32.3th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

Vulnerability details

A NULL Pointer Dereference vulnerability in the messaging_ipc.dll component as used in Bitdefender Total Security, Internet Security, Antivirus Plus, Endpoint Security Tools, VPN Standalone allows an attacker to arbitrarily crash product processes and generate crashdump files. This issue affects: Bitdefender Total Security versions prior to 26.0.3.29. Bitdefender Internet Security versions prior to 26.0.3.29. Bitdefender Antivirus Plus versions prior to 26.0.3.29. Bitdefender Endpoint Security Tools versions prior to 7.2.2.92. Bitdefender VPN Standalone versions prior to 25.5.0.48.

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor | Product | Affected version
bitdefender | antivirus plus | ≤ 26.0.3.29
bitdefender | endpoint security tools | ≤ 7.2.2.92
bitdefender | internet security | ≤ 26.0.3.29
bitdefender | total security | ≤ 26.0.3.29
bitdefender | vpn standalone | ≤ 25.5.0.48

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.
