Lucene search

[email protected]CVE-2022-0677

HistoryApr 07, 2022 - 7:15 p.m.

CVE-2022-0677

2022-04-0719:15:07

CWE-130

[email protected]

web.nvd.nist.gov

cve-2022-0677

vulnerability

update server

bitdefender

endpoint security tools

gravityzone

denial-of-service

nvd

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.3 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

43.5%

JSON

Improper Handling of Length Parameter Inconsistency vulnerability in the Update Server component of Bitdefender Endpoint Security Tools (in relay role), GravityZone (in Update Server role) allows an attacker to cause a Denial-of-Service. This issue affects: Bitdefender Update Server versions prior to 3.4.0.276. Bitdefender GravityZone versions prior to 26.4-1. Bitdefender Endpoint Security Tools for Linux versions prior to 6.2.21.171. Bitdefender Endpoint Security Tools for Windows versions prior to 7.4.1.111.

Affected configurations

NVD

Node

bitdefenderendpoint_security_toolsRange<6.2.21.171linux

bitdefenderendpoint_security_toolsRange<7.4.1.111windows

bitdefendergravityzoneRange<26.4-1

bitdefenderupdate_serverRange<3.4.0.276

CPENameOperatorVersion
bitdefender:endpoint_security_toolsbitdefender endpoint security toolslt6.2.21.171
bitdefender:endpoint_security_toolsbitdefender endpoint security toolslt7.4.1.111
bitdefender:gravityzonebitdefender gravityzonelt26.4-1
bitdefender:update_serverbitdefender update serverlt3.4.0.276

CPE	Name	Operator	Version
bitdefender:endpoint_security_tools	bitdefender endpoint security tools	lt	6.2.21.171
bitdefender:endpoint_security_tools	bitdefender endpoint security tools	lt	7.4.1.111
bitdefender:gravityzone	bitdefender gravityzone	lt	26.4-1
bitdefender:update_server	bitdefender update server	lt	3.4.0.276

CNA Affected

[
  {
    "product": "Update Server",
    "vendor": "Bitdefender",
    "versions": [
      {
        "lessThan": "3.4.0.276",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "GravityZone",
    "vendor": "Bitdefender",
    "versions": [
      {
        "lessThan": "26.4-1",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "Endpoint Security Tools for Linux",
    "vendor": "Bitdefender",
    "versions": [
      {
        "lessThan": "6.2.21.171",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "Endpoint Security Tools for Windows",
    "vendor": "Bitdefender",
    "versions": [
      {
        "lessThan": "7.4.1.111",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

www.bitdefender.com/support/security-advisories/improper-handling-of-length-parameter-inconsistency-vulnerability-in-bitdefender-update-server-va-10144

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.3 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

43.5%

JSON

Related for CVE-2022-0677

cvelist1 nvd1 prion1