CVE-2021-46578 : Security Advisory and Response

A vulnerability in Bentley MicroStation CONNECT version 10.16.0.80 allows remote attackers to execute arbitrary code, posing a high risk to confidentiality, integrity, and availability.

Understanding CVE-2021-46578

This CVE involves a flaw in parsing JT files in Bentley MicroStation CONNECT, which can be exploited by attackers to run code on the affected system.

What is CVE-2021-46578?

The vulnerability enables attackers to execute arbitrary code on installations of Bentley MicroStation CONNECT 10.16.0.80 by exploiting a flaw in JT file parsing.

The Impact of CVE-2021-46578

CVSS Base Score: 7.8 (High)
Attack Vector: Local
Attack Complexity: Low
User Interaction: Required
Confidentiality, Integrity, and Availability Impact: High

Technical Details of CVE-2021-46578

This section provides detailed technical information about the vulnerability.

Vulnerability Description

The flaw stems from the lack of validating an object's existence before performing operations on it, enabling attackers to execute code in the current process.

Affected Systems and Versions

Product: MicroStation CONNECT
Vendor: Bentley
Version: 10.16.0.80 (affected)

Exploitation Mechanism

Attackers need user interaction for exploitation, requiring the target to visit a malicious page or open a malicious file.

Mitigation and Prevention

To safeguard systems from CVE-2021-46578, follow these mitigation strategies:

Immediate Steps to Take

Update MicroStation CONNECT to a secure version
Exercise caution when browsing the internet to avoid visiting malicious websites
Implement endpoint protection solutions

Long-Term Security Practices

Regularly update software and patches
Conduct security awareness training to educate users on safe browsing habits

Patching and Updates

Apply security patches promptly to mitigate known vulnerabilities