Main Vulnerability Database Vulnerabilities #VU15512

Remote code execution in GravityZone - CVE-2018-8955

Published: October 23, 2018 / Updated: October 25, 2018

Vulnerability identifier: #VU15512

CSH Severity: High

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2018-8955

CWE-ID: CWE-264

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Bitdefender

Affected software:
GravityZone

Detailed vulnerability description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a bypass of the digital signature GravityZone verification tools. A remote unauthenticated attacker can execute arbitrary code without breaking the original digital signature, and without embedding anything malicious into the installer itself.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

How to mitigate CVE-2018-8955

Install update from vendor's website.

Sources

https://labs.nettitude.com/blog/cve-2018-8955-bitdefender-gravityzone-arbitrary-code-execution/

Remote code execution in GravityZone - CVE-2018-8955

Detailed vulnerability description

How to mitigate CVE-2018-8955

Sources

Please verify you're human