Path Traversal Vulnerability Affects Bitdefender Endpoint Security Products
CVE-2024-2224
9.8 CRITICAL
What is CVE-2024-2224?
CVE-2024-2224 is an improper limitation of pathnames in the UpdateServer component of Bitdefender GravityZone, which can lead to path traversal. An attacker can leverage this flaw to execute arbitrary code on affected instances of the software. The vulnerability poses a significant risk to organizations using Bitdefender's products, particularly the versions listed as affected. Applying patches promptly and monitoring the security of your systems is crucial to mitigating the risks associated with this vulnerability.
Affected Version(s)
Endpoint Security for Linux 7.0.5.200089
Endpoint Security for Windows 7.9.9.380
GravityZone Control Center (On Premises) 6.36.1
CVSS V3.1
Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
- First article discovered by CybersecurityNews
- Vulnerability published
Credit
Nicolas VERDIER -- n1nj4sec