PT-2025-11033 · Bitdefender · Bitdefender Box

Alan Cao · Published 2025-03-12 · Updated 2025-07-30 · CVE-2024-13872

CVSS v4.0: 9.4 (Critical)
Vector: AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
Name of the Vulnerable Software and Affected Versions: Bitdefender Box versions 1.3.11.490 through 1.3.11.505
Description: The device downloads the assets it uses to update and restart its daemons and detection rules over plain HTTP. These updates can be triggered remotely through the "/set temp token" API endpoint, so an unauthenticated, network-adjacent attacker using man-in-the-middle (MITM) techniques can substitute malicious responses for the downloaded assets. Daemons restarted with the tampered assets can then be exploited for remote code execution on the device.
Recommendations: For Bitdefender Box versions 1.3.11.490 through 1.3.11.505, consider disabling the /set temp token API method until a secure update mechanism is implemented, to remove the remote code execution risk. Restrict network access to the device to reduce the chance of exploitation, and avoid updates over the insecure HTTP protocol until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
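As an added illustration (not code from the advisory or from Bitdefender), a small detector that correlates a request to the update-trigger endpoint with subsequent cleartext http:// asset fetches by the device within a short window, which is the pattern a defender would hunt for while the endpoint is still exposed. The log layout, addresses, timestamps and paths are constructed for the example.

```python
# Added illustration (not from the advisory): correlate a request to the
# update-trigger endpoint with cleartext http:// fetches by the device.
from datetime import datetime, timedelta

# Constructed log lines in an assumed "timestamp src dst method url" layout;
# addresses, times and paths are made up for the example, not real device output.
SAMPLE_LOG = """\
2025-03-01T10:00:00 192.168.1.23 192.168.1.1 POST /set temp token
2025-03-01T10:00:04 192.168.1.1 203.0.113.10 GET http://203.0.113.10/rules/detection.bin
2025-03-01T10:00:05 192.168.1.1 203.0.113.10 GET http://203.0.113.10/bin/daemon
2025-03-01T11:30:00 192.168.1.1 203.0.113.10 GET https://203.0.113.10/status
"""


def parse_log(text):
    """Split each line into (ts, src, dst, method, url); the url may contain spaces."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, method, url = line.split(None, 4)
        records.append((datetime.fromisoformat(ts), src, dst, method, url))
    return records


def correlate_update_abuse(text, device_ip, trigger_path, window_s=60):
    """Return one finding per trigger call that is followed, within window_s
    seconds, by the device fetching assets over cleartext HTTP."""
    records = parse_log(text)
    window = timedelta(seconds=window_s)
    findings = []
    for ts, src, dst, _method, url in records:
        if dst != device_ip or not url.startswith(trigger_path):
            continue  # not a call to the update-trigger endpoint
        cleartext = [
            u for (t2, s2, _d2, _m2, u) in records
            if s2 == device_ip and u.startswith("http://") and ts <= t2 <= ts + window
        ]
        if cleartext:
            findings.append({"trigger_at": ts.isoformat(), "source": src,
                             "cleartext_urls": cleartext})
    return findings


if __name__ == "__main__":
    for finding in correlate_update_abuse(SAMPLE_LOG, "192.168.1.1", "/set temp token"):
        print(finding)
```

A hit means an unauthenticated caller reached the trigger endpoint and the device then pulled update assets without transport protection, which is exactly the window an on-path attacker needs; feed it the device's real proxy or flow logs once the field layout is adapted.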

Impact: RCE
Weakness Enumeration: Cleartext Transmission of Sensitive Information

Related Identifiers: BDU:2025-03184, CVE-2024-13872

Affected Products: Bitdefender Box