Lucene search

K

MitreCVELIST:CVE-2018-8955

HistoryOct 24, 2018 - 10:00 p.m.

CVE-2018-8955

2018-10-2422:00:00

mitre

www.cve.org

9.7 High

AI Score

Confidence

High

0.08 Low

EPSS

Percentile

94.3%

The installer for BitDefender GravityZone relies on an encoded string in a filename to determine the URL for installation metadata, which allows remote attackers to execute arbitrary code by changing the filename while leaving the file’s digital signature unchanged.

References

packetstormsecurity.com/files/149900/Bitdefender-GravityZone-Installer-Signature-Bypass-Code-Execution.html

seclists.org/fulldisclosure/2018/Oct/44

www.securitytracker.com/id/1041940

labs.nettitude.com/blog/cve-2018-8955-bitdefender-gravityzone-arbitrary-code-execution/

9.7 High

AI Score

Confidence

High

0.08 Low

EPSS

Percentile

94.3%

Related for CVELIST:CVE-2018-8955

cve1 prion1 nvd1