Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
prionPRIOn knowledge basePRION:CVE-2019-17095
HistoryJan 27, 2020 - 6:15 p.m.

Command injection

2020-01-2718:15:00
PRIOn knowledge base
www.prio-n.com
4

9.8 High

AI Score

Confidence

High

0.028 Low

EPSS

Percentile

90.7%

JSON

A command injection vulnerability has been discovered in the bootstrap stage of Bitdefender BOX 2, versions 2.1.47.42 and 2.1.53.45. The API method /api/download_image unsafely handles the production firmware URL supplied by remote servers, leading to arbitrary execution of system commands. In order to exploit the condition, an unauthenticated attacker should impersonate a infrastructure server to trigger this vulnerability.

Related

cvelist 1
cve 1
nvd 1
talos 1
talosblog 1
cvelist
cvelist
CVE-2019-17095 Bitdefender BOX 2 bootstrap download_image command injection vulnerability
2019-11-23 00:00:00
cve
cve
CVE-2019-17095
2020-01-27 18:15:12
nvd
nvd
CVE-2019-17095
2020-01-27 18:15:12
talos
talos
Bitdefender BOX 2 bootstrap download_image command injection vulnerability
2019-01-21 00:00:00
talosblog
talosblog
Vulnerability Spotlight: Bitdefender BOX 2 bootstrap remote code execution vulnerabilities
2020-01-21 09:29:09

9.8 High

AI Score

Confidence

High

0.028 Low

EPSS

Percentile

90.7%

JSON
Related for PRION:CVE-2019-17095
cvelist1cve1nvd1talos1talosblog1