CVEs-PoC/2021/CVE-2021-3485.md

### [CVE-2021-3485](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3485)
![](https://img.shields.io/static/v1?label=Product&message=Endpoint%20Security%20Tools%20for%20Linux&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=%3D%20unspecified%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-494%20Download%20of%20Code%20Without%20Integrity%20Check&color=brighgreen)

### Description

An Improper Input Validation vulnerability in the Product Update feature of Bitdefender Endpoint Security Tools for Linux allows a man-in-the-middle attacker to abuse the DownloadFile function of the Product Update to achieve remote code execution. This issue affects: Bitdefender Endpoint Security Tools for Linux versions prior to 6.2.21.155.

### POC

#### Reference
- https://herolab.usd.de/security-advisories/usd-2021-0014/

#### Github
No PoCs found on GitHub currently.