ID

VAR-201910-0335


CVE

CVE-2019-12611


TITLE

Vulnerability related to allocation of resources without restrictions or throttling in Bitdefender BOX firmware

Trust: 0.8

sources: JVNDB: JVNDB-2019-011082

DESCRIPTION

An issue was discovered in Bitdefender BOX firmware versions before 2.1.37.37-34 that affects the general reliability of the product. Specially crafted packets sent to the miniupnpd implementation result in the device allocating memory without freeing it later. This behavior can cause the miniupnpd component to crash or trigger a device reboot. Bitdefender BOX firmware contains a vulnerability related to allocation of resources without restrictions or throttling. The device may be put into a denial-of-service (DoS) state.

Trust: 1.62

sources: NVD: CVE-2019-12611 // JVNDB: JVNDB-2019-011082

AFFECTED PRODUCTS

vendor: bitdefender, model: box, scope: lt, version: 2.1.37.37-34

Trust: 1.8

vendor: bitdefender, model: box, scope: eq, version: -

Trust: 1.2

sources: JVNDB: JVNDB-2019-011082 // CNNVD: CNNVD-201910-1202 // NVD: CVE-2019-12611

CVSS

SEVERITY

nvd@nist.gov: CVE-2019-12611
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-12611
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201910-1202
value: MEDIUM

Trust: 0.6

CVSSV2

nvd@nist.gov: CVE-2019-12611
severity: MEDIUM
baseScore: 4.9
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CVSSV3

nvd@nist.gov: CVE-2019-12611
baseSeverity: MEDIUM
baseScore: 4.4
vectorString: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2019-12611
baseSeverity: MEDIUM
baseScore: 4.4
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2019-011082 // CNNVD: CNNVD-201910-1202 // NVD: CVE-2019-12611

PROBLEMTYPE DATA

problemtype:CWE-770

Trust: 1.8

sources: JVNDB: JVNDB-2019-011082 // NVD: CVE-2019-12611

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201910-1202

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201910-1202

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-011082

PATCH

title: Bitdefender BOX Denial of Service (VA-3184), url: https://www.bitdefender.com/support/security-advisories/bitdefender-box-denial-service-va-3184/

Trust: 0.8

sources: JVNDB: JVNDB-2019-011082

EXTERNAL IDS

db: NVD, id: CVE-2019-12611

Trust: 2.4

db: JVNDB, id: JVNDB-2019-011082

Trust: 0.8

db: CNNVD, id: CNNVD-201910-1202

Trust: 0.6

sources: JVNDB: JVNDB-2019-011082 // CNNVD: CNNVD-201910-1202 // NVD: CVE-2019-12611

REFERENCES

url:https://www.bitdefender.com/support/security-advisories/bitdefender-box-denial-service-va-3184/

Trust: 1.6

url:https://nvd.nist.gov/vuln/detail/cve-2019-12611

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-12611

Trust: 0.8

sources: JVNDB: JVNDB-2019-011082 // CNNVD: CNNVD-201910-1202 // NVD: CVE-2019-12611

SOURCES

db: JVNDB, id: JVNDB-2019-011082
db: CNNVD, id: CNNVD-201910-1202
db: NVD, id: CVE-2019-12611

LAST UPDATE DATE

2024-11-23T23:01:40.491000+00:00


SOURCES UPDATE DATE

db: JVNDB, id: JVNDB-2019-011082, date: 2019-10-28T00:00:00
db: CNNVD, id: CNNVD-201910-1202, date: 2019-10-23T00:00:00
db: NVD, id: CVE-2019-12611, date: 2024-11-21T04:23:10.973

SOURCES RELEASE DATE

db: JVNDB, id: JVNDB-2019-011082, date: 2019-10-28T00:00:00
db: CNNVD, id: CNNVD-201910-1202, date: 2019-10-17T00:00:00
db: NVD, id: CVE-2019-12611, date: 2019-10-17T19:15:10.483