CVE-2021-34945 : What You Need to Know

This CVE-2021-34945 affects Bentley View version 10.15.0.75. An attacker can exploit this vulnerability to execute arbitrary code by tricking a user into visiting a malicious page or opening a malicious file.

Understanding CVE-2021-34945

This CVE allows remote attackers to execute arbitrary code on affected Bentley View installations.

What is CVE-2021-34945?

CVE-2021-34945 is a high-severity vulnerability that exists in the parsing of JT files in Bentley View version 10.15.0.75. It results from inadequate validation of user-supplied data's length before copying it to a heap-based buffer.

The Impact of CVE-2021-34945

The vulnerability has a CVSS base score of 7.8, with high impacts on confidentiality, integrity, and availability. Attackers can execute code in the context of the current process without requiring any special privileges.

Technical Details of CVE-2021-34945

This section delves into the specifics of the vulnerability.

Vulnerability Description

CVE-2021-34945 is classified as a CWE-122: Heap-based Buffer Overflow. It allows remote attackers to achieve arbitrary code execution.

Affected Systems and Versions

The vulnerability affects Bentley View version 10.15.0.75.

Exploitation Mechanism

The flaw can be exploited when a user interacts with a malicious page or opens a corrupted file, leading to the execution of arbitrary code.

Mitigation and Prevention

Protect your systems from CVE-2021-34945 using the following strategies.

Immediate Steps to Take

Users should avoid visiting unfamiliar or suspicious websites and refrain from opening untrusted files to prevent exploitation.

Long-Term Security Practices

Regularly update Bentley View to the latest version, apply security patches promptly, and educate users about safe browsing habits.

Patching and Updates

Stay informed about security advisories from Bentley and follow recommended patching procedures to address CVE-2021-34945 effectively.