Local Code Execution Vulnerability in Bitdefender BOX by Bitdefender
CVE-2019-12612

7.8HIGH

Key Information:

Vendor: Bitdefender
Status: Box Firmware
Vendor: CVE Published:; 31 October 2019

🔔 Create Bitdefender Vulnerability Alert

What is CVE-2019-12612?

A flaw was identified in the firmware of Bitdefender BOX prior to version 2.1.37.37-34 that enables attackers to execute arbitrary code through the web API. This vulnerability requires the attacker to be connected to the Bitdefender BOX setup network while the device is in setup mode, potentially allowing unauthorized access and control over the appliance.

References

https://www.bitdefender.com/support/security-advisories/b...

x_refsource_CONFIRM

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 31, 2019
Vulnerability Reserved
Jun 3, 2019