Main Vulnerability Database Vulnerabilities #VU22594

#VU22594 Input validation error in Bitdefender BOX - CVE-2019-12612

Published: November 7, 2019

Vulnerability identifier: #VU22594

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2019-12612

CWE-ID: CWE-20

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
Bitdefender BOX

Software vendor:
Bitdefender

Description

The vulnerability allows a local user to execute arbitrary code to the target system.

The vulnerability exists due to insufficient validation of user-supplied input. A local authenticated administrator can pass arbitrary code to the BOX appliance via the web API.

In order to exploit this vulnerability, an attacker needs presence in Bitdefender BOX setup network and Bitdefender BOX be in setup mode.

Remediation

Install updates from vendor's website.

External links

https://www.bitdefender.com/support/security-advisories/bitdefender-box-local-code-execution/

#VU22594 Input validation error in Bitdefender BOX - CVE-2019-12612

Description

Remediation

External links

Please verify you're human