PT-2019-12890 · Bitdefender · Bitdefender Box

Publicado

2019-10-31

Atualizado

2020-08-24

CVE-2019-12612

CVSS v3.1

7.8

Alta

Vetor

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Bitdefender BOX versions prior to 2.1.37.37-34

Description An issue was discovered that allows an attacker to pass arbitrary code to the BOX appliance via the web API. To exploit this, an attacker needs presence in the Bitdefender BOX setup network and the BOX must be in setup mode.

Recommendations For versions prior to 2.1.37.37-34, update to version 2.1.37.37-34 or later to resolve the issue. As a temporary workaround, consider restricting access to the web API until a patch is applied.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2019-12612

Produtos afetados

Bitdefender Box

PT-2019-12890 · Bitdefender · Bitdefender Box

CVE-2019-12612

Identificadores relacionados

Produtos afetados

Referências · 3