{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-0357", "assignerOrgId": "b3d5ebe7-963e-41fb-98e1-2edaeabb8f82", "state": "PUBLISHED", "assignerShortName": "Bitdefender", "dateReserved": "2022-01-25T08:33:57.125Z", "datePublished": "2023-05-24T07:53:32.812Z", "dateUpdated": "2025-01-16T15:43:43.255Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Total Security", "vendor": "Bitdefender", "versions": [{"status": "affected", "version": "26.0.10.45"}]}, {"defaultStatus": "unaffected", "product": "Internet Security", "vendor": "Bitdefender", "versions": [{"status": "affected", "version": "26.0.10.45"}]}, {"defaultStatus": "unaffected", "product": "Antivirus Plus", "vendor": "Bitdefender", "versions": [{"status": "affected", "version": "26.0.10.45"}]}], "datePublic": "2023-05-24T09:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Unquoted Search Path or Element vulnerability in the Vulnerability Scan component of Bitdefender Total Security, Bitdefender Internet Security, and Bitdefender Antivirus Plus allows an attacker to elevate privileges to SYSTEM.<br><br>This issue affects:<br><br>Bitdefender Total Security<br>versions prior to 26.0.10.45.<br>Bitdefender Internet Security<br>versions prior to 26.0.10.45.<br>Bitdefender Antivirus Plus<br>versions prior to 26.0.10.45."}], "value": "Unquoted Search Path or Element vulnerability in the Vulnerability Scan component of Bitdefender Total Security, Bitdefender Internet Security, and Bitdefender Antivirus Plus allows an attacker to elevate privileges to SYSTEM.\n\nThis issue affects:\n\nBitdefender Total Security\nversions prior to 26.0.10.45.\nBitdefender Internet Security\nversions prior to 26.0.10.45.\nBitdefender Antivirus Plus\nversions prior to 26.0.10.45."}], "impacts": [{"capecId": "CAPEC-38", "descriptions": [{"lang": "en", "value": "CAPEC-38 Leveraging/Manipulating Configuration File Search Paths"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-428", "description": "CWE-428 Unquoted Search Path or Element", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "b3d5ebe7-963e-41fb-98e1-2edaeabb8f82", "shortName": "Bitdefender", "dateUpdated": "2023-05-24T07:53:32.812Z"}, "references": [{"url": "https://www.bitdefender.com/support/security-advisories/improper-quoting-path-issue-in-bitdefender-total-security"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "An automatic update to version 26.0.10.45 or higher fixes the issue.<br>"}], "value": "An automatic update to version 26.0.10.45 or higher fixes the issue.\n"}], "source": {"defect": ["VA-10294"], "discovery": "EXTERNAL"}, "title": "Improper Quoting Path Issue in Bitdefender Total Security", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T23:25:40.531Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.bitdefender.com/support/security-advisories/improper-quoting-path-issue-in-bitdefender-total-security", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-01-16T15:43:34.579572Z", "id": "CVE-2022-0357", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-16T15:43:43.255Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.bitdefender.com/support/security-advisories/improper-quoting-path-issue-in-bitdefender-total-security", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T23:25:40.531Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-0357", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-01-16T15:43:34.579572Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-16T15:42:54.794Z"}}], "cna": {"title": "Improper Quoting Path Issue in Bitdefender Total Security", "source": {"defect": ["VA-10294"], "discovery": "EXTERNAL"}, "impacts": [{"capecId": "CAPEC-38", "descriptions": [{"lang": "en", "value": "CAPEC-38 Leveraging/Manipulating Configuration File Search Paths"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.7, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Bitdefender", "product": "Total Security", "versions": [{"status": "affected", "version": "26.0.10.45"}], "defaultStatus": "unaffected"}, {"vendor": "Bitdefender", "product": "Internet Security", "versions": [{"status": "affected", "version": "26.0.10.45"}], "defaultStatus": "unaffected"}, {"vendor": "Bitdefender", "product": "Antivirus Plus", "versions": [{"status": "affected", "version": "26.0.10.45"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "An automatic update to version 26.0.10.45 or higher fixes the issue.\n", "supportingMedia": [{"type": "text/html", "value": "An automatic update to version 26.0.10.45 or higher fixes the issue.<br>", "base64": false}]}], "datePublic": "2023-05-24T09:00:00.000Z", "references": [{"url": "https://www.bitdefender.com/support/security-advisories/improper-quoting-path-issue-in-bitdefender-total-security"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "Unquoted Search Path or Element vulnerability in the Vulnerability Scan component of Bitdefender Total Security, Bitdefender Internet Security, and Bitdefender Antivirus Plus allows an attacker to elevate privileges to SYSTEM.\n\nThis issue affects:\n\nBitdefender Total Security\nversions prior to 26.0.10.45.\nBitdefender Internet Security\nversions prior to 26.0.10.45.\nBitdefender Antivirus Plus\nversions prior to 26.0.10.45.", "supportingMedia": [{"type": "text/html", "value": "Unquoted Search Path or Element vulnerability in the Vulnerability Scan component of Bitdefender Total Security, Bitdefender Internet Security, and Bitdefender Antivirus Plus allows an attacker to elevate privileges to SYSTEM.<br><br>This issue affects:<br><br>Bitdefender Total Security<br>versions prior to 26.0.10.45.<br>Bitdefender Internet Security<br>versions prior to 26.0.10.45.<br>Bitdefender Antivirus Plus<br>versions prior to 26.0.10.45.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-428", "description": "CWE-428 Unquoted Search Path or Element"}]}], "providerMetadata": {"orgId": "b3d5ebe7-963e-41fb-98e1-2edaeabb8f82", "shortName": "Bitdefender", "dateUpdated": "2023-05-24T07:53:32.812Z"}}}, "cveMetadata": {"cveId": "CVE-2022-0357", "state": "PUBLISHED", "dateUpdated": "2025-01-16T15:43:43.255Z", "dateReserved": "2022-01-25T08:33:57.125Z", "assignerOrgId": "b3d5ebe7-963e-41fb-98e1-2edaeabb8f82", "datePublished": "2023-05-24T07:53:32.812Z", "assignerShortName": "Bitdefender"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:bitdefender:antivirus_plus:*:*:*:*:*:*:*:*", "matchCriteriaId": "AF0B6471-635E-483D-9BC5-DBDD00C9B90C", "versionEndExcluding": "26.0.10.45", "vulnerable": true}, {"criteria": "cpe:2.3:a:bitdefender:internet_security:*:*:*:*:*:*:*:*", "matchCriteriaId": "CE68669B-FBEC-4060-B97A-845BA269B8ED", "versionEndExcluding": "26.0.10.45", "vulnerable": true}, {"criteria": "cpe:2.3:a:bitdefender:total_security:*:*:*:*:*:*:*:*", "matchCriteriaId": "02A583B6-D71B-4F97-AC44-362F8D1008FB", "versionEndExcluding": "26.0.10.45", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Unquoted Search Path or Element vulnerability in the Vulnerability Scan component of Bitdefender Total Security, Bitdefender Internet Security, and Bitdefender Antivirus Plus allows an attacker to elevate privileges to SYSTEM.\n\nThis issue affects:\n\nBitdefender Total Security\nversions prior to 26.0.10.45.\nBitdefender Internet Security\nversions prior to 26.0.10.45.\nBitdefender Antivirus Plus\nversions prior to 26.0.10.45."}], "id": "CVE-2022-0357", "lastModified": "2024-11-21T06:38:26.993", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 5.9, "source": "cve-requests@bitdefender.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-05-24T08:15:08.957", "references": [{"source": "cve-requests@bitdefender.com", "tags": ["Vendor Advisory"], "url": "https://www.bitdefender.com/support/security-advisories/improper-quoting-path-issue-in-bitdefender-total-security"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.bitdefender.com/support/security-advisories/improper-quoting-path-issue-in-bitdefender-total-security"}], "sourceIdentifier": "cve-requests@bitdefender.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-428"}], "source": "cve-requests@bitdefender.com", "type": "Secondary"}]}

{}