15 matches found

EUVD (added 2025/10/07 12:30 a.m.)
EUVD-2019-7563
Malware in sbrugna...
CVSS 9.8 | AI score 9.2 | EPSS 0.00682 | Exploits 0 | References 2

EUVD (added 2025/10/07 12:30 a.m.)
EUVD-2019-7568
Malware in sbrugna...
CVSS 9.3 | AI score 8 | EPSS 0.00339 | Exploits 0 | References 2

EUVD (added 2025/10/07 12:30 a.m.)
EUVD-2019-7562
Malware in sbrugna...
CVSS 10 | AI score 9.2 | EPSS 0.04414 | Exploits 1 | References 2

CVE (added 2020/01/28 1:39 p.m.)
CVE-2019-17096
CVE-2019-17096 is a Bitdefender BOX 2 bootstrap command-injection vulnerability. In the bootstrap flow, the device fetches firmware/image data via /api/download_image, which uses get_image_url() to obtain a URL from the Nimbus server and then executes a curl command to download the image. The cod...
CVSS 9.8 | AI score 9.5 | EPSS 0.00682 | Exploits 0 | References 1 | Affected Software 1

NVD (added 2020/01/27 6:15 p.m.)
CVE-2019-17095
A command injection vulnerability has been discovered in the bootstrap stage of Bitdefender BOX 2, versions 2.1.47.42 and 2.1.53.45. The API method /api/downloadimage unsafely handles the production firmware URL supplied by remote servers, leading to arbitrary execution of system commands. In ord...
CVSS 10 | AI score 8.8 | EPSS 0.04414 | Exploits 1 | References 3

Cvelist (added 2020/01/27 5:20 p.m.)
CVE-2019-17095 Bitdefender BOX 2 bootstrap download_image command injection vulnerability
A command injection vulnerability has been discovered in the bootstrap stage of Bitdefender BOX 2, versions 2.1.47.42 and 2.1.53.45. The API method /api/downloadimage unsafely handles the production firmware URL supplied by remote servers, leading to arbitrary execution of system commands. In ord...
CVSS 8.1 | AI score 9.8 | EPSS 0.04414 | Exploits 1 | References 1

CVE (added 2020/01/27 5:20 p.m.)
CVE-2019-17095
CVE-2019-17095/17096 affect Bitdefender BOX 2 in bootstrap mode. The vulnerability stems from the bootstrap download_image path, where the device retrieves a firmware URL from nimbus.bitdefender.net via a JSON-RPC response and then shells out to curl/os.execute without validating the URL. This al...
CVSS 10 | AI score 9.3 | EPSS 0.04414 | Exploits 1 | References 3 | Affected Software 1

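The download_image pattern the entries above describe (a URL taken from the update server's reply concatenated into a curl command and handed to the shell) beside a hardened version, as an added Python example. This is not Bitdefender's code and not from the Talos advisory; the device code is Lua (os.execute) and Python is used here only to show the pattern. The host allowlist, the output path and the helper names are assumptions, and the command is returned rather than executed so the example runs offline.

```python
import subprocess
from typing import List
from urllib.parse import urlparse

# Assumption: hosts the device should accept firmware images from. The page does
# not say where BOX 2 images are hosted; this allowlist is illustrative only.
ALLOWED_IMAGE_HOSTS = {"nimbus.bitdefender.net"}

IMAGE_PATH = "/tmp/image.bin"   # assumed output path


def vulnerable_download_command(image_url: str) -> str:
    """The pattern the advisories describe: a URL from the update server's
    JSON-RPC reply is pasted into a command string that goes to the shell
    (os.execute in the device's Lua code). Anything after a ';' in the URL
    becomes a second command. Returned, not executed, so the example is offline."""
    return "curl -o %s %s" % (IMAGE_PATH, image_url)


def shell_commands_in(command: str) -> List[str]:
    """Rough view of how /bin/sh would split the string: one command per ';'.
    Enough to show the injected command; not a full shell parser."""
    return [c.strip() for c in command.split(";") if c.strip()]


def validate_image_url(image_url: str) -> str:
    """Accept only an https URL to an allowlisted host with no embedded
    credentials. Raises ValueError so a caller cannot ignore a failure."""
    parsed = urlparse(image_url)
    if parsed.scheme != "https":
        raise ValueError("image URL must use https")
    if parsed.hostname not in ALLOWED_IMAGE_HOSTS:
        raise ValueError("image host not in allowlist")
    if parsed.username or parsed.password:
        raise ValueError("credentials in image URL")
    # argv passing below already keeps these away from a shell; a firmware URL
    # still has no business containing whitespace or shell metacharacters.
    if any(ch in image_url for ch in " \t\n\r;|&`$'\"<>(){}"):
        raise ValueError("unexpected character in image URL")
    return image_url


def hardened_download_argv(image_url: str) -> List[str]:
    """Build argv for curl: no shell, the URL as its own argument after '--' so a
    URL starting with '-' cannot be read as an option, https enforced again with
    --proto and redirects disabled so a redirect cannot change the target."""
    url = validate_image_url(image_url)
    return ["curl", "--fail", "--silent", "--proto", "=https", "--max-redirs", "0",
            "-o", IMAGE_PATH, "--", url]


def run_download(argv: List[str]) -> int:
    """Execute the argv without a shell. Not called by the offline checks."""
    return subprocess.run(argv, shell=False, check=False).returncode
```

With the vulnerable builder, a reply containing `http://203.0.113.5/fw.bin; telnetd -l /bin/sh` yields two shell commands; the hardened path rejects that URL outright and, for an accepted URL, never lets a shell see it.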
NVD (added 2020/01/27 5:15 p.m.)
CVE-2019-17096
An OS Command Injection vulnerability in the bootstrap stage of Bitdefender BOX 2 allows the manipulation of the getimageurl function in special circumstances to inject a system command...
CVSS 9.8 | AI score 9.3 | EPSS 0.00682 | Exploits 0 | References 1

Prion (added 2020/01/27 5:15 p.m.)
Command injection
An OS Command Injection vulnerability in the bootstrap stage of Bitdefender BOX 2 allows the manipulation of the getimageurl function in special circumstances to inject a system command...
CVSS 9.3 | AI score 9.6 | EPSS 0.00682 | Exploits 0 | References 1 | Affected Software 1

NVD (added 2020/01/27 2:15 p.m.)
CVE-2019-17102
An exploitable command execution vulnerability exists in the recovery partition of Bitdefender BOX 2, version 2.0.1.91. The API method /api/updatesetup does not perform firmware signature checks atomically, leading to an exploitable race condition (TOCTTOU) that allows arbitrary execution of system...
CVSS 9.3 | AI score 8.4 | EPSS 0.00339 | Exploits 0 | References 1

Prion (added 2020/01/27 2:15 p.m.)
Race condition
An exploitable command execution vulnerability exists in the recovery partition of Bitdefender BOX 2, version 2.0.1.91. The API method /api/updatesetup does not perform firmware signature checks atomically, leading to an exploitable race condition (TOCTTOU) that allows arbitrary execution of system...
CVSS 9.3 | AI score 8.1 | EPSS 0.00339 | Exploits 0 | References 1 | Affected Software 1

CVE (added 2020/01/27 2:05 p.m.)
CVE-2019-17102
The CVE-2019-17102 issue affects Bitdefender BOX 2 bootstrapping. A TOCTTOU race condition arises in the update_setup flow: POST requests to /api/update_setup acquire an atomic lock, but the parallel forked update_setup runs install_full_ws after extracting a signed full_ws.tar.gz. An attacker ca...
CVSS 9.3 | AI score 8.2 | EPSS 0.00339 | Exploits 0 | References 1 | Affected Software 1

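The update_setup race the entries above describe, as an added Python example that is not Bitdefender's code and not from the advisory: a verify-then-install flow that re-reads the archive from disk after checking it, beside one that installs from the exact bytes it verified. HMAC-SHA256 under a key embedded in the example stands in for the firmware signature scheme, which the page does not describe; the `between` callback models the parallel request that replaces the file in the check-to-use window, and the archive contents are constructed samples.

```python
import hashlib
import hmac
import io
import os
import tarfile
import tempfile
from typing import Callable, Dict, Tuple

# Assumption: HMAC-SHA256 with a key baked into the example stands in for the
# device's firmware signature; the real scheme is not described on the page.
SIGNING_KEY = b"example-signing-key"
INSTALL_SCRIPT = "install.sh"   # assumed name of the script the update runs


def sign(data: bytes) -> bytes:
    return hmac.new(SIGNING_KEY, data, hashlib.sha256).digest()


def verify(data: bytes, signature: bytes) -> bool:
    return hmac.compare_digest(sign(data), signature)


def build_archive(files: Dict[str, bytes]) -> bytes:
    """Constructed sample full_ws.tar.gz-style archive, built in memory."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, content in files.items():
            info = tarfile.TarInfo(name=name)
            info.size = len(content)
            tar.addfile(info, io.BytesIO(content))
    return buf.getvalue()


def install_script_from(data: bytes) -> bytes:
    """Stands in for install_full_ws: returns the script the update would execute."""
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:gz") as tar:
        member = tar.extractfile(INSTALL_SCRIPT)
        if member is None:
            raise ValueError("archive has no %s" % INSTALL_SCRIPT)
        return member.read()


def vulnerable_update_setup(path: str, signature: bytes,
                            between: Callable[[], None]) -> bytes:
    """Check, then use the path again: the signature is verified over one read
    of the file and the install runs over a second read. 'between' is the racing
    request that swaps the file in that window."""
    with open(path, "rb") as f:
        checked = f.read()
    if not verify(checked, signature):
        raise ValueError("bad signature")
    between()
    with open(path, "rb") as f:   # TOCTTOU: the bytes used are not the bytes checked
        used = f.read()
    return install_script_from(used)


def hardened_update_setup(path: str, signature: bytes,
                          between: Callable[[], None]) -> bytes:
    """Read once, verify those bytes, install from those same bytes. Replacing
    the file afterwards changes nothing the update acts on."""
    with open(path, "rb") as f:
        data = f.read()
    if not verify(data, signature):
        raise ValueError("bad signature")
    between()
    return install_script_from(data)


def demo() -> Tuple[bytes, bytes]:
    """Run both flows against a signed archive that is swapped in the window."""
    legit = build_archive({INSTALL_SCRIPT: b"echo legit\n"})           # constructed
    evil = build_archive({INSTALL_SCRIPT: b"telnetd -l /bin/sh\n"})    # constructed
    signature = sign(legit)
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "full_ws.tar.gz")

        def write(data: bytes) -> None:
            with open(path, "wb") as f:
                f.write(data)

        def swap() -> None:   # the parallel request replacing the archive
            write(evil)

        write(legit)
        from_vulnerable = vulnerable_update_setup(path, signature, swap)
        write(legit)
        from_hardened = hardened_update_setup(path, signature, swap)
    return from_vulnerable, from_hardened
```

The vulnerable flow ends up running the unsigned script even though the signature check passed; the hardened flow returns the script from the verified archive regardless of what happens to the file afterwards. Holding a lock around the POST handler, as the entry notes the device does, does not help when the forked worker re-reads the path outside that lock.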
Talos Blog (added 2020/01/21 9:29 a.m.)
Vulnerability Spotlight: Bitdefender BOX 2 bootstrap remote code execution vulnerabilities
Claudio Bozzato, Lilith Wyatt and Dave McDaniel of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. The Bitdefender BOX 2 contains two remote code execution vulnerabilities in its bootstrap stage. The BOX 2 is a device that protects users’ home networks from a variety of threats...
CVSS 10 | AI score 1.7 | EPSS 0.04414 | Exploits 1

Talos (added 2019/01/21 12:00 a.m.)
Bitdefender BOX 2 bootstrap update_setup command execution vulnerability
Summary: An exploitable command execution vulnerability exists in the recovery partition of Bitdefender BOX 2, version 2.0.1.91. The API method /api/updatesetup does not perform firmware signature checks atomically, leading to an exploitable race condition (TOCTTOU) that allows arbitrary execution o...
CVSS 9.3 | AI score 8.2 | EPSS 0.00339 | Exploits 0

Talos (added 2019/01/21 12:00 a.m.)
Bitdefender BOX 2 bootstrap download_image command injection vulnerability
Summary: An exploitable command injection vulnerability exists in the bootstrap stage of Bitdefender BOX 2, versions 2.1.47.42 and 2.1.53.45. The API method /api/downloadimage unsafely handles the production firmware URL supplied by remote servers, leading to arbitrary execution of system commands...
CVSS 10 | AI score 9.2 | EPSS 0.04414 | Exploits 1