National Cyber Warfare Foundation (NCWF) Forums


Bitdefender Flaw Let Attackers Trigger Server-Side Request Forgery Attacks
0 user ratings		2024-08-01 11:26:48
milo
Red Team (CNA)
 - archive -- 

A recently discovered vulnerability in Bitdefender’s GravityZone Update Server has raised significant security concerns. Identified as CVE-2024-6980, this flaw allows attackers to execute server-side request forgery (SSRF) attacks, potentially compromising sensitive data and systems. With a CVSS score of 9.2, this vulnerability is categorized as critical. The scoring breakdown indicates that the flaw is accessible […]


The post Bitdefender Flaw Let Attackers Trigger Server-Side Request Forgery Attacks appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.



A recently discovered vulnerability in Bitdefender’s GravityZone Update Server has raised significant security concerns.





Identified as CVE-2024-6980, this flaw allows attackers to execute server-side request forgery (SSRF) attacks, potentially compromising sensitive data and systems. With a CVSS score of 9.2, this vulnerability is categorized as critical.





The scoring breakdown indicates that the flaw is accessible remotely (AV:N), requires high attack complexity (AC:H), and does not require authentication (PR:N) or user interaction (UI:N).





The vulnerability’s impact on confidentiality, integrity, and availability is high (VC:H/VI:H/VA:H), emphasizing the urgent need for mitigation.





How to Build a Security Framework With Limited Resources IT Security Team (PDF) - Free Guide





CVE-2024-6980 – Vulnerability Details





The root cause of CVE-2024-6980 is a verbose error handling issue within the GravityZone Update Server’s proxy service.





This flaw allows attackers to manipulate server requests, potentially leading to unauthorized access and data breaches. Security researcher Nicolas Verdier discovered and reported the vulnerability, also known as n1nj4sec.





Affected Versions and Fix





Affected ProductAffected VersionsFixed Version
GravityZone Update Server< 6.38.1-56.38.1-5




Bitdefender has promptly responded to the discovery by releasing an automatic update that fixes the issue.





Users running affected versions of the GravityZone Console are strongly advised to update to version 6.38.1-5 immediately. Ensuring that systems are up-to-date is crucial to prevent potential exploitation.





The discovery of CVE-2024-6980 underscores the importance of regular security updates and vigilant monitoring of critical systems.





Bitdefender’s swift action in addressing the vulnerability is commendable, but users must remain proactive in applying updates to safeguard their environments from similar threats.





Areyou from SOC and DFIR Teams? – Analyse Malware Incidents & get live Access with ANY.RUN -> Free Access


The post Bitdefender Flaw Let Attackers Trigger Server-Side Request Forgery Attacks appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.



Source: gbHackers
Source Link: https://gbhackers.com/bitdefender-flaw-let-attackers/

Comments
new comment
Nobody has commented yet. Will you be the first?
  
Forum
Red Team (CNA)


Copyright 2012 through 2024 - National Cyber Warfare Foundation - All rights reserved worldwide.