CVE-2025-5317
BaseFortify
Publication date: 2025-11-11
Last updated on: 2025-12-08
Assigner: Bitdefender
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| bitdefender | endpoint_security | up to 7.20.52.200087 (exclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an improper access restriction in Bitdefender Endpoint Security Tools for Mac before version 7.20.52.200087. It allows local users with administrative (sudo) privileges to bypass the uninstall password protection by manually removing the application directory and related directories without needing the uninstall password.
How can this vulnerability impact me?
The vulnerability allows a local user with sudo privileges to uninstall Bitdefender Endpoint Security Tools without the configured uninstall password. This could lead to the removal of security protections on the Mac system, potentially exposing the system to malware or other security threats.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
You can detect this vulnerability by checking if the Bitdefender Endpoint Security Tools for Mac application directory (/Applications/Endpoint Security for Mac.app/) and related directories within /Library/Bitdefender/AVP exist and verifying if local users with administrative privileges can access or remove these directories without requiring the uninstall password. Commands such as `ls -ld /Applications/Endpoint\ Security\ for\ Mac.app/` and `ls -ld /Library/Bitdefender/AVP` can be used to check directory permissions. Additionally, attempting to remove these directories with sudo privileges without the uninstall password can confirm the vulnerability.
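The check described above can be scripted for fleet inventory. The following is an added example, not code from Bitdefender or from this page: it compares an installed version against the fixed version 7.20.52.200087 and checks the two directories named above. It assumes the bundle's `CFBundleShortVersionString` carries the product version and that both directories exist on a normal install; the function names and the `--scan` flag are hypothetical.

```shell
#!/bin/sh
# Added example: classify a Mac with respect to CVE-2025-5317.
FIXED_VERSION="7.20.52.200087"   # first fixed version, as stated on this page
APP="/Applications/Endpoint Security for Mac.app"
DATA="/Library/Bitdefender/AVP"

# version_lt A B: return 0 if dotted numeric version A < B, 1 if not, 2 if malformed.
version_lt() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
        x=${x:-0}; y=${y:-0}              # missing components compare as 0
        case "$x$y" in *[!0-9]*) return 2 ;; esac
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
    done
    return 1                               # versions are equal
}

# classify_host VERSION APP_DIR DATA_DIR: print one status word.
classify_host() {
    ver=$1 app=$2 data=$3
    if [ ! -d "$app" ] && [ ! -d "$data" ]; then
        echo "not-installed"
    elif [ ! -d "$app" ] || [ ! -d "$data" ]; then
        # Heuristic (assumption): one tree missing while the other remains
        # suggests a manual removal rather than the password-protected uninstaller.
        echo "partially-removed"
    elif [ -z "$ver" ]; then
        echo "unknown-version"
    else
        rc=0
        version_lt "$ver" "$FIXED_VERSION" || rc=$?
        case $rc in
            0) echo "vulnerable" ;;
            1) echo "patched" ;;
            *) echo "unknown-version" ;;
        esac
    fi
}

# Run on a managed Mac with: sh check.sh --scan
if [ "${1:-}" = "--scan" ]; then
    ver=$(/usr/libexec/PlistBuddy -c 'Print :CFBundleShortVersionString' \
          "$APP/Contents/Info.plist" 2>/dev/null || true)
    classify_host "$ver" "$APP" "$DATA"
fi
```

A `not-installed` or `partially-removed` result on a host that the management console still lists as protected is worth investigating alongside `sudo` activity in the system logs.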
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting which local users hold administrative privileges, to prevent unauthorized removal of the application directories. Ensure that uninstall password protection is properly enforced and consider upgrading Bitdefender Endpoint Security Tools for Mac to version 7.20.52.200087 or later, where this vulnerability is fixed.