Bitdefender GravityZone Flaw Let Hackers Launch SSRF Attacks


Bitdefender has recently fixed a critical Server-Side Request Forgery (SSRF) vulnerability in its GravityZone Console On-Premise, tracked as CVE-2024-4177.

This flaw, discovered in the host whitelist parser, could have allowed malicious actors to exploit the system by sending crafted requests, potentially leading to unauthorized access and data breaches.

The vulnerability was first reported by security researcher Nicolas VERDIER (n1nj4sec) who noted that the host whitelist parser in the GravityZone Console did not properly validate input, enabling attackers to manipulate server requests.
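The article describes the root cause only as a host whitelist parser that did not properly validate input; it gives no details of the actual bug. As an added illustration that is not Bitdefender's code, the Python below contrasts a loose substring-style allowlist check with a strict hostname comparison of the kind a defender would expect in such a parser. The allowlist entries and URLs are constructed for the example.

```python
from ipaddress import ip_address
from urllib.parse import urlsplit

# Constructed allowlist of hosts the console may contact (hypothetical names).
ALLOWED_HOSTS = {"update-relay.corp.example", "downloads.example-vendor.test"}


def weak_is_allowed(url: str) -> bool:
    """Loose check: accept the URL if an allowlisted name appears anywhere in it.
    Subdomain tricks, userinfo (name@host) and query strings all slip through."""
    return any(host in url for host in ALLOWED_HOSTS)


def strict_is_allowed(url: str) -> bool:
    """Strict check: parse the URL first, then compare the exact hostname
    against the allowlist and reject forms SSRF payloads commonly rely on."""
    try:
        parts = urlsplit(url)
    except ValueError:
        return False  # malformed URL (e.g. bad IPv6 brackets)
    if parts.scheme not in ("http", "https"):
        return False  # only the schemes the feature actually needs
    if parts.username or parts.password:
        return False  # "allowed.host@real.target" style userinfo
    host = parts.hostname  # already lowercased by urlsplit
    if not host:
        return False
    host = host.rstrip(".")  # normalise trailing dot (FQDN form)
    try:
        ip_address(host)
        return False  # bare IP literals (incl. loopback, IPv6) are never allowlisted
    except ValueError:
        pass
    # Note: a complete defence also validates the resolved address at connect
    # time, so a DNS answer pointing at an internal range is rejected too.
    return host in ALLOWED_HOSTS
```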


This vulnerability, found in the host whitelist parser of the GravityZone Console On-Premise, allows attackers to send crafted requests that the server can misinterpret as legitimate. Here are the primary impacts on users:

  1. Unauthorized Access: Attackers can exploit this vulnerability to gain unauthorized access to internal systems. By manipulating the server to process malicious requests, attackers can potentially access sensitive data otherwise protected within the internal network.
  2. Data Exposure: The SSRF vulnerability can expose confidential information. Attackers can craft requests designed to retrieve sensitive data from internal systems, including personal details, business-critical data, or other confidential records.
  3. Network Manipulation: Exploiting this vulnerability allows attackers to manipulate internal configurations. This could involve altering network settings, reconfiguring update relays, or even injecting malicious updates into the network, thereby compromising the integrity of the system.
  4. Potential for Further Exploitation: Once inside the network, attackers can use the compromised system as a pivot point to launch further attacks. This could involve spreading malware, escalating privileges, or moving laterally within the network to compromise additional systems.
  5. Service Disruption: The ability to manipulate update relays and configurations can lead to service disruptions. Attackers could potentially disrupt the delivery of updates, causing delays or failures in critical security patches, which could leave the system vulnerable to other threats.

Bitdefender has responded promptly by releasing a security advisory and a patch to address the issue. The company emphasized the importance of updating to the latest version to mitigate any potential risks associated with this vulnerability.

Users of the GravityZone Console On-Premise are advised to apply the patch immediately to ensure their systems are protected against possible exploitation attempts.

Bitdefender has released a patch to address the SSRF vulnerability. Users should immediately update their GravityZone Console On-Premise to the latest version, which includes the fix for this issue. The patched version is 6.38.1-2.
