CVE-2019-12612 : An issue was discovered in Bitdefender BOX firmware versions before 2.1.37.37-34

An issue was discovered in Bitdefender BOX firmware versions before 2.1.37.37-34 that allows an attacker to pass arbitrary code to the BOX appliance via the web API. In order to exploit this vulnerability, an attacker needs presence in Bitdefender BOX setup network and Bitdefender BOX be in setup mode.

Published 2019-10-31 17:15:10

Updated 2020-08-24 17:37:01

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2019-12612

Bitdefender » Box Firmware
Versions before (<) 2.1.37.37-34
cpe:2.3:o:bitdefender:box_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Bitdefender » BOX » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2019-12612

EPSS FAQ

0.04%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 10 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2019-12612

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.2	HIGH	AV:L/AC:L/Au:N/C:C/I:C/A:C	3.9	10.0	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete
7.8	HIGH	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	1.8	5.9	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

References for CVE-2019-12612

https://www.bitdefender.com/support/security-advisories/bitdefender-box-local-code-execution/

Bitdefender BOX Local Code Execution (VA-3183) - Bitdefender
Vendor Advisory

Jump to

Vulnerability Details : CVE-2019-12612

Products affected by CVE-2019-12612

Exploit prediction scoring system (EPSS) score for CVE-2019-12612

CVSS scores for CVE-2019-12612

References for CVE-2019-12612