Lucene search

K

PRIOn knowledge basePRION:CVE-2018-8955

HistoryOct 24, 2018 - 10:29 p.m.

Design/Logic Flaw

2018-10-2422:29:00

PRIOn knowledge base

www.prio-n.com

3

9.7 High

AI Score

Confidence

High

0.08 Low

EPSS

Percentile

94.3%

The installer for BitDefender GravityZone relies on an encoded string in a filename to determine the URL for installation metadata, which allows remote attackers to execute arbitrary code by changing the filename while leaving the file’s digital signature unchanged.

References

packetstormsecurity.com/files/149900/Bitdefender-GravityZone-Installer-Signature-Bypass-Code-Execution.html

seclists.org/fulldisclosure/2018/Oct/44

www.securitytracker.com/id/1041940

labs.nettitude.com/blog/cve-2018-8955-bitdefender-gravityzone-arbitrary-code-execution/

9.7 High

AI Score

Confidence

High

0.08 Low

EPSS

Percentile

94.3%

Related for PRION:CVE-2018-8955

cvelist1 nvd1 cve1