An issue was discovered in Bitdefender BOX firmware versions before 2.1.37.37-34 that allows an attacker to pass arbitrary code to the BOX appliance via the web API. In order to exploit this vulnerability, an attacker needs presence in Bitdefender BOX setup network and Bitdefender BOX be in setup mode.
References
Link | Resource |
---|---|
https://www.bitdefender.com/support/security-advisories/bitdefender-box-local-code-execution/ | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2019-10-31T16:02:53
Updated: 2019-10-31T16:02:53
Reserved: 2019-06-03T00:00:00
Link: CVE-2019-12612
JSON object: View
NVD Information
Status : Analyzed
Published: 2019-10-31T17:15:10.227
Modified: 2020-08-24T17:37:01.140
Link: CVE-2019-12612
JSON object: View
Redhat Information
No data.
CWE