PT-2020-14339 · Bitdefender · Bitdefender Update Server+1

Published: 2020-11-09 · Updated: 2020-11-24 · CVE-2020-15297

CVSS v3.1: 9.1 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions

Bitdefender Endpoint Security Tools versions prior to 6.6.20.294
Bitdefender Update Server versions prior to 6.6.20.294

Description

Insufficient validation in the Bitdefender Update Server and BEST Relay components allows an unprivileged attacker to bypass the in-place mitigations and interact with hosts on the network.

Recommendations

For Bitdefender Endpoint Security Tools versions prior to 6.6.20.294, update to version 6.6.20.294 or later to resolve the issue.
For Bitdefender Update Server versions prior to 6.6.20.294, update to version 6.6.20.294 or later to resolve the issue.

Fix

SSRF

Weakness Enumeration

Related Identifiers

CVE-2020-15297

Affected Products

Bitdefender Endpoint Security Tools
Bitdefender Update Server