Incorrect Regular Expression Vulnerability Allows Server Side Request Forgery
CVE-2024-2223

9.8 CRITICAL

What is CVE-2024-2223?

An Incorrect Regular Expression vulnerability (CWE-185) in the Bitdefender GravityZone Update Server allows an unauthenticated, network-based attacker to perform Server Side Request Forgery (SSRF) and reconfigure the relay. Because the relay is the component through which managed endpoints receive their updates, control over its configuration can expose sensitive data and serve as a foothold for further attacks on the network. The vulnerable component ships in Bitdefender Endpoint Security for Linux, Bitdefender Endpoint Security for Windows, and GravityZone Control Center (On Premises); the specific affected versions are listed below. Users should update to the latest versions to mitigate the risk.
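The class of defect described above, as an added illustration that is not Bitdefender's code and does not reproduce the actual GravityZone pattern (which the advisory does not show): a URL allowlist check whose regular expression is anchored only at the start and leaves the dots unescaped, so it accepts any URL that merely begins with the allowed host, beside a hardened check that parses the URL and compares the exact hostname. The hostnames and sample URLs are constructed for the example.

```python
import re
from urllib.parse import urlsplit

# Hypothetical allowlist: the only host a relay should be allowed to fetch from.
# The name is constructed for this example and is not a Bitdefender hostname.
ALLOWED_HOSTS = {"updates.relay.example"}

# Flawed validator: anchored only at the start, dots unescaped (CWE-185).
# It accepts any URL that *begins* with the allowed host, which is exactly the
# kind of mistake that turns a "fetch only from our update host" rule into SSRF.
_FLAWED_PATTERN = re.compile(r"^https?://updates.relay.example")


def is_allowed_flawed(url: str) -> bool:
    """Prefix-only regex check; returns True for attacker-chosen hosts too."""
    return _FLAWED_PATTERN.match(url) is not None


def is_allowed_hardened(url: str) -> bool:
    """Parse the URL and compare the exact host against the allowlist.

    Rejects anything that is not plain http/https, anything carrying userinfo
    (the user@host trick) or an explicit port, and any host that is not an
    exact allowlist entry. A parser, not a pattern, decides.
    """
    try:
        parts = urlsplit(url)
        host = parts.hostname   # lowercased; userinfo and port already stripped
        port = parts.port       # raises ValueError on junk such as ':abc'
    except ValueError:
        return False
    if parts.scheme not in ("http", "https"):
        return False
    if host is None or parts.username is not None or parts.password is not None:
        return False
    if port is not None:
        return False
    return host in ALLOWED_HOSTS


# Constructed sample requests a relay-configuration endpoint might receive.
SAMPLE_URLS = [
    "https://updates.relay.example/patch.bin",                # legitimate
    "https://updates.relay.example.attacker.test/patch.bin",  # suffix trick
    "https://updatesXrelayYexample/patch.bin",                # unescaped '.'
    "https://updates.relay.example@attacker.test/patch.bin",  # userinfo trick
    "http://localhost/admin",                                 # obvious SSRF target
]


def compare(urls=SAMPLE_URLS):
    """Return {url: (flawed_verdict, hardened_verdict)} for each sample."""
    return {u: (is_allowed_flawed(u), is_allowed_hardened(u)) for u in urls}


def bypasses(urls=SAMPLE_URLS):
    """URLs the flawed check accepts but the hardened check rejects."""
    return [u for u, (flawed, hardened) in compare(urls).items()
            if flawed and not hardened]


if __name__ == "__main__":
    for url, (flawed, hardened) in compare().items():
        print(f"{url:58} flawed={flawed!s:5} hardened={hardened}")
```

The three bypasses (suffix, unescaped dot, userinfo) all point the relay at an attacker-controlled host while passing the regex; the hardened version accepts only the legitimate URL. The general lesson is to validate the parsed hostname against an allowlist rather than to pattern-match the raw string.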

Affected Version(s)

Endpoint Security for Linux 7.0.5.200089

Endpoint Security for Windows 7.9.9.380

GravityZone Control Center (On Premises) 6.36.1

News Articles

Critical Bitdefender Vulnerabilities Let Attackers Gain Control Over System

Bitdefender GravityZone Update Server (versions 6.36.1, Endpoint Security for Linux 7.0.5.200089, and Endpoint Security for Windows

CVSS V3.1

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Score: 9.8 (CRITICAL)
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Timeline

  • 📰 First article discovered by CybersecurityNews

  • Vulnerability published

Credit

Nicolas VERDIER -- n1nj4sec