PT-2019-12890 · Bitdefender · Bitdefender Box

Published

2019-10-31

Updated

2020-08-24

CVE-2019-12612

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Bitdefender BOX versions prior to 2.1.37.37-34

Description An issue was discovered that allows an attacker to pass arbitrary code to the BOX appliance via the web API. To exploit this, an attacker needs presence in the Bitdefender BOX setup network and the BOX must be in setup mode.

Recommendations For versions prior to 2.1.37.37-34, update to version 2.1.37.37-34 or later to resolve the issue. As a temporary workaround, consider restricting access to the web API until a patch is applied.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2019-12612

Affected Products

Bitdefender Box

PT-2019-12890 · Bitdefender · Bitdefender Box

CVE-2019-12612

Related Identifiers

Affected Products

References · 3