Main Vulnerability Database Vulnerabilities #VU22594

Input validation error in Bitdefender BOX - CVE-2019-12612

Published: November 7, 2019

Vulnerability identifier: #VU22594

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2019-12612

CWE-ID: CWE-20

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: Bitdefender

Affected software:
Bitdefender BOX

Detailed vulnerability description

The vulnerability allows a local user to execute arbitrary code to the target system.

The vulnerability exists due to insufficient validation of user-supplied input. A local authenticated administrator can pass arbitrary code to the BOX appliance via the web API.

In order to exploit this vulnerability, an attacker needs presence in Bitdefender BOX setup network and Bitdefender BOX be in setup mode.

How to mitigate CVE-2019-12612

Install updates from vendor's website.

Sources

https://www.bitdefender.com/support/security-advisories/bitdefender-box-local-code-execution/

Input validation error in Bitdefender BOX - CVE-2019-12612

Detailed vulnerability description

How to mitigate CVE-2019-12612

Sources

Please verify you're human