CVE-2024-2224

{"id": "CVE-2024-2224", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "cve-requests@bitdefender.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.2}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2024-04-09T13:15:33.357", "references": [{"url": "https://www.bitdefender.com/support/security-advisories/privilege-escalation-via-the-gravityzone-productmanager-updateserver-kitsmanager-api-va-11466/", "tags": ["Vendor Advisory"], "source": "cve-requests@bitdefender.com"}, {"url": "https://www.bitdefender.com/support/security-advisories/privilege-escalation-via-the-gravityzone-productmanager-updateserver-kitsmanager-api-va-11466/", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "cve-requests@bitdefender.com", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "Improper Limitation of a Pathname to a Restricted Directory (\u2018Path Traversal\u2019) vulnerability in the UpdateServer component of Bitdefender GravityZone allows an attacker to execute arbitrary code on vulnerable instances. This issue affects the following products that include the vulnerable component: \n\nBitdefender Endpoint Security for Linux version 7.0.5.200089\nBitdefender Endpoint Security for Windows version 7.9.9.380\nGravityZone Control Center (On Premises) version 6.36.1\n"}, {"lang": "es", "value": "La vulnerabilidad de limitaci\u00f3n inadecuada de un nombre de ruta a un directorio restringido (\"Path Traversal\") en el componente UpdateServer de Bitdefender GravityZone permite a un atacante ejecutar c\u00f3digo arbitrario en instancias vulnerables. Este problema afecta a los siguientes productos que incluyen el componente vulnerable: Bitdefender Endpoint Security para Linux versi\u00f3n 7.0.5.200089 Bitdefender Endpoint Security para Windows versi\u00f3n 7.9.9.380 GravityZone Control Center (On Premises) versi\u00f3n 6.36.1"}], "lastModified": "2025-02-07T18:53:18.953", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:bitdefender:endpoint_security:7.0.5.200089:*:*:*:*:linux:*:*", "vulnerable": true, "matchCriteriaId": "AAB89966-3C21-4B7D-AC06-852112583783"}, {"criteria": "cpe:2.3:a:bitdefender:endpoint_security:7.9.9.380:*:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "D1F56724-5FFE-414B-95D1-96351A0F9686"}, {"criteria": "cpe:2.3:a:bitdefender:gravityzone_control_center:6.36.1:*:*:*:on_premises:*:*:*", "vulnerable": true, "matchCriteriaId": "75899627-A80E-49B6-9EBA-433DF7F2BE37"}], "operator": "OR"}]}], "sourceIdentifier": "cve-requests@bitdefender.com"}