Bitdefender GravityZone Update Server (versions 6.36.1, Endpoint Security for Linux 7.0.5.200089, and Endpoint Security for Windows 7.9.9.380) is vulnerable to server-side request forgery (SSRF) due to an incorrect regular expression.
The weakness allows an attacker to send crafted requests to the server that will be misinterpreted as legitimate. The server, tricked by the irregular expression, will then unknowingly execute those requests.
In the context of SSRF, these requests can be designed to retrieve confidential data from internal systems, manipulate internal configurations, or even pivot to other parts of the network.
In this case, a successful exploit could allow an attacker to reconfigure the update relay, potentially disrupting update delivery or injecting malicious updates into the network.
Bitdefender’s GravityZone
Bitdefender’s GravityZone Update Server has a critical vulnerability (CVSS score: 8.1) that could allow an attacker remote access (attack vector: network) to compromise the server with low privileges (privileges required: none).
The vulnerability complexity is high (attack complexity: high), meaning it may require specialized skills or knowledge to exploit, where an exploit may already exist (temporal score not provided), and there is no user interaction necessary (user interaction: none) to take advantage of this vulnerability.
Trustifi’s Advanced threat protection prevents the widest spectrum of sophisticated attacks before they reach a user’s mailbox. Stopping 99% of phishing attacks missed by
other email security solutions. .
The vulnerability could give an attacker complete control over the confidentiality (attacker can steal data), integrity (attacker can modify data), and availability (attacker can disable the server) of the Update Server.
Bitdefender GravityZone Update Server suffers from an Incorrect Regular Expression vulnerability, which enables attackers to forge server-side requests and manipulate the update relay configuration.
A weakness in the implemented regular expression allows unauthorized modification, potentially leading to a compromise of the update relay, which impacts Bitdefender Endpoint Security for Linux (version 7.0.5.200089), Endpoint Security for Windows (version 7.9.9.380), and GravityZone Control Center (On-Premises version 6.36.1).
A critical security update has been released to address vulnerabilities (CVE-2024-2223 & CVE-2024-2224), potentially allowing attackers to escalate privileges or potentially manipulate the update server.
Users of Bitdefender Endpoint Security for Linux (version 7.0.5.200089) and Windows (version 7.9.9.380), along with those managing GravityZone Control Center (On-Premises version 6.36.1), should upgrade to the corresponding patched versions (Linux version 7.0.5.200090, Windows version 7.9.9.381, and GravityZone Control Center version 6.36.1-1) to mitigate these risks.
Bitdefender released security updates to address two vulnerabilities (CVE-2024-2223 and CVE-2024-2224) in GravityZone. These updates impact Bitdefender Endpoint Security for Linux (version 7.0.5.200089), Endpoint Security for Windows (version 7.9.9.380), and GravityZone Control Center (On-Premises version 6.36.1).
CVE-2024-2223 allows attackers to manipulate the update server through a regular expression flaw potentially.
CVE-2024-2224 is more severe, enabling privilege escalation on affected systems. Upgrading to Bitdefender Endpoint Security for Linux version 7.0.5.200090, Endpoint Security for Windows version 7.9.9.381, and GravityZone Control Center (On-Premises) version 6.36.1-1 mitigates the vulnerabilities.
Secure your emails in a heartbeat! To find your ideal email security vendor, Take a Free 30-Second Assessment.