CVE-2024-2223

HIGH8.1

Incorrect Regular Expression in GravityZone Update Server (VA-11465)

Published Apr 9, 2024

Modified 1 years ago

Details

An Incorrect Regular Expression vulnerability in Bitdefender GravityZone Update Server allows an attacker to cause a Server Side Request Forgery and reconfigure the relay. This issue affects the following products that include the vulnerable component:

Bitdefender Endpoint Security for Linux version 7.0.5.200089 Bitdefender Endpoint Security for Windows version 7.9.9.380 GravityZone Control Center (On Premises) version 6.36.1

References

WEB

https://www.bitdefender.com/support/security-advisories/incorrect-regular-expression-in-gravityzone-update-server-va-11465/

ADVISORY

https://www.cve.org/CVERecord?id=CVE-2024-2223

CVSS Analysis

CVSS v3.1

8.1

Exploitability

Attack Vector

NetworkAV:N

Attack Complexity

HighAC:H

Privileges Required

NonePR:N

User Interaction

NoneUI:N

Scope

UnchangedS:U

Impact

Confidentiality

HighC:H

Integrity

HighI:H

Availability

HighA:H

8.1/CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Weakness Type (CWE)

Other

CWE-185

Ecosystems

Timeline

PublishedApr 9, 2024

ModifiedAug 12, 2024