Main Vulnerability Database Vulnerabilities #VU15512

#VU15512 Remote code execution in GravityZone - CVE-2018-8955

Published: October 23, 2018 / Updated: October 25, 2018

Vulnerability identifier: #VU15512

Vulnerability risk: High

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2018-8955

CWE-ID: CWE-264

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
GravityZone

Software vendor:
Bitdefender

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a bypass of the digital signature GravityZone verification tools. A remote unauthenticated attacker can execute arbitrary code without breaking the original digital signature, and without embedding anything malicious into the installer itself.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Remediation

Install update from vendor's website.

External links

https://labs.nettitude.com/blog/cve-2018-8955-bitdefender-gravityzone-arbitrary-code-execution/

#VU15512 Remote code execution in GravityZone - CVE-2018-8955

Description

Remediation

External links

Please verify you're human