PT-2024-19289 · Bitdefender · Bitdefender Endpoint Security Tools For Windows
N1Nj4Sec · Published 2024-04-09 · Updated 2025-02-07
CVE-2024-2224
CVSS v3.1 9.8 Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Bitdefender Endpoint Security for Linux version 7.0.5.200089
Bitdefender Endpoint Security for Windows version 7.9.9.380
GravityZone Control Center (On Premises) version 6.36.1
Description
An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') weakness in the UpdateServer component of Bitdefender GravityZone allows an unauthenticated, network-reachable attacker (per the CVSS vector: no privileges, no user interaction) to execute arbitrary code on vulnerable instances. The affected products are those that ship the vulnerable UpdateServer component at the versions listed above.
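The weakness class behind this advisory is worth seeing side by side in code. The block below is an added, generic illustration written for this page; it is not Bitdefender's code, and nothing about the real UpdateServer code path, file layout or request format is known from the advisory. It assumes a hypothetical update store rooted at /srv/updsrv/files and a client-supplied relative path taken from a URL: the unsafe resolver simply joins the two, while the hardened resolver rejects absolute input, normalises, and enforces containment with a separator-aware prefix check (the classic mistake is `startswith(root)` without the trailing separator, which lets `../files2/x` through).

```python
import posixpath
from typing import Optional
from urllib.parse import unquote

# Hypothetical update-file store root for this example; not a Bitdefender path.
UPDATE_ROOT = "/srv/updsrv/files"


def resolve_unsafe(root: str, requested: str) -> str:
    """Vulnerable pattern: join a client-supplied relative path onto the root.

    normpath collapses '..' segments, so '../../../../etc/passwd' walks out of
    the store. This is the CWE-22 shape of bug, shown here for contrast only.
    """
    return posixpath.normpath(posixpath.join(root, requested))


def resolve_safe(root: str, requested: str) -> Optional[str]:
    """Hardened pattern: validate, normalise, then prove containment.

    Returns the resolved path, or None when the request must be refused.
    Lexical check only: on a real filesystem, follow this with
    os.path.realpath() on both root and candidate so symlinks inside the
    store cannot point outside it.
    """
    if not requested:
        return None
    # Absolute paths, backslashes and NUL bytes are never legitimate here.
    if requested.startswith(("/", "\\")) or "\\" in requested or "\x00" in requested:
        return None

    root_norm = posixpath.normpath(root)
    candidate = posixpath.normpath(posixpath.join(root_norm, requested))

    # Containment: candidate is the root itself or lies strictly below it.
    # The '/' boundary matters: '/srv/updsrv/files2' starts with
    # '/srv/updsrv/files' but is not inside it.
    if candidate != root_norm and not candidate.startswith(root_norm + "/"):
        return None
    return candidate


def serve_update_path(root: str, raw_url_path: str) -> Optional[str]:
    """Decode the URL path exactly once, then resolve it safely.

    Decoding once means '%2e%2e/' becomes '../' and is caught, while a
    double-encoded '%252e%252e' stays a literal (harmless) filename.
    """
    return resolve_safe(root, unquote(raw_url_path))


if __name__ == "__main__":
    # Constructed sample requests, as an update client (or attacker) might send them.
    for req in ("x86/pkg-1.bin", "../../../../etc/passwd", "../files2/x", "%2e%2e/%2e%2e/etc/passwd"):
        print(f"{req!r:32} unsafe={resolve_unsafe(UPDATE_ROOT, unquote(req))!r:28} "
              f"safe={serve_update_path(UPDATE_ROOT, req)!r}")
```

The unsafe resolver is included only to make the failure visible; in a real server, the hardened resolver should additionally canonicalise with realpath and the store should be served from a directory the service account can read but not write, so that even a successful traversal on a write path cannot drop an executable where the updater will run it.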
Recommendations
For Bitdefender Endpoint Security for Linux version 7.0.5.200089, update to a version that includes a fix for the UpdateServer component vulnerability.
For Bitdefender Endpoint Security for Windows version 7.9.9.380, update to a version that includes a fix for the UpdateServer component vulnerability.
For GravityZone Control Center (On Premises) version 6.36.1, update to a version that includes a fix for the UpdateServer component vulnerability.
Until the fixed version is deployed, limit exposure of the UpdateServer listener: restrict inbound access to the endpoints and relays that actually pull updates from it, and, where that is not practical, disable the UpdateServer component until the update has been applied.
Weakness Enumeration
CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Related Identifiers
CVE-2024-2224
Affected Products
Bitdefender Endpoint Security Tools For Linux
Bitdefender Endpoint Security Tools For Windows
Gravityzone Control Center