CVE-2019-12612

An issue was discovered in Bitdefender BOX firmware versions before 2.1.37.37-34 that allows an attacker to pass arbitrary code to the BOX appliance via the web API. In order to exploit this vulnerability, an attacker needs presence in Bitdefender BOX setup network and Bitdefender BOX be in setup mode.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:bitdefender:box_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:bitdefender:box:-:*:*:*:*:*:*:*

History

21 Nov 2024, 04:23

Type Values Removed Values Added
References () https://www.bitdefender.com/support/security-advisories/bitdefender-box-local-code-execution/ - Vendor Advisory () https://www.bitdefender.com/support/security-advisories/bitdefender-box-local-code-execution/ - Vendor Advisory

Information

Published : 2019-10-31 17:15

Updated : 2024-11-21 04:23


NVD link : CVE-2019-12612

Mitre link : CVE-2019-12612

CVE.ORG link : CVE-2019-12612


JSON object : View

Products Affected

bitdefender

  • box_firmware
  • box