CVE-2021-34910 : What You Need to Know

Learn about CVE-2021-34910 affecting Bentley View version 10.15.0.75. Understand the impact, technical details, and mitigation steps for this vulnerability.

CVE-2021-34910 affects Bentley View version 10.15.0.75. It allows remote attackers to disclose sensitive information by exploiting a vulnerability in the parsing of DGN files. An attacker can execute arbitrary code in the context of the current process by leveraging this flaw. Here is what you need to know about CVE-2021-34910.

Understanding CVE-2021-34910

CVE-2021-34910 is a vulnerability that affects Bentley View version 10.15.0.75. It was discovered by Mat Powell of Trend Micro Zero Day Initiative.

What is CVE-2021-34910?

This vulnerability in Bentley View 10.15.0.75 allows remote attackers to access sensitive information by exploiting an issue in the parsing of DGN files. The lack of proper validation of user-supplied data leads to a read past the end of an allocated buffer, enabling attackers to execute arbitrary code.

The Impact of CVE-2021-34910

The impact of CVE-2021-34910 is rated as low severity. Attackers can disclose sensitive information and execute arbitrary code, but exploitation requires user interaction: the target must visit a malicious page or open a malicious file.

Technical Details of CVE-2021-34910

CVE-2021-34910 is classified as CWE-125: Out-of-bounds Read. It has a CVSS v3.0 base score of 3.3, with low attack complexity and a local attack vector.

Vulnerability Description

The vulnerability arises due to the lack of proper validation of user-supplied data in Bentley View 10.15.0.75, leading to an out-of-bounds read issue in the parsing of DGN files.

Affected Systems and Versions

Product: View

Vendor: Bentley

Version: 10.15.0.75

Exploitation Mechanism

User interaction is necessary for exploitation. The target must visit a malicious page or open a malicious file to trigger the vulnerability.

Mitigation and Prevention

To safeguard systems from CVE-2021-34910, immediate steps should be taken along with the implementation of long-term security practices.

Immediate Steps to Take

Users are advised to avoid visiting unknown or suspicious websites and refrain from opening files from untrusted sources.

Long-Term Security Practices

Regularly updating Bentley View to the latest version, implementing security patches, and conducting security audits are essential for long-term protection.

Patching and Updates

Stay informed about security advisories from Bentley and apply patches promptly to mitigate the risk of exploitation.