ID

VAR-201910-0336


CVE

CVE-2019-12612


TITLE

Input validation vulnerability in Bitdefender BOX firmware

Trust: 0.8

sources: JVNDB: JVNDB-2019-011539

DESCRIPTION

An issue was discovered in Bitdefender BOX firmware versions before 2.1.37.37-34 that allows an attacker to pass arbitrary code to the BOX appliance via the web API. To exploit this vulnerability, an attacker needs a presence on the Bitdefender BOX setup network, and the Bitdefender BOX must be in setup mode. The Bitdefender BOX firmware contains a vulnerability related to input validation. Information may be obtained or altered, and service operation may be disrupted (DoS).

Trust: 1.62

sources: NVD: CVE-2019-12612 // JVNDB: JVNDB-2019-011539

AFFECTED PRODUCTS

vendor: bitdefender
model: box
scope: lt
version: 2.1.37.37-34

Trust: 1.8

sources: JVNDB: JVNDB-2019-011539 // NVD: CVE-2019-12612

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-12612
value: HIGH

Trust: 1.0

NVD: CVE-2019-12612
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201910-1899
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2019-12612
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

nvd@nist.gov: CVE-2019-12612
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2019-12612
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2019-011539 // CNNVD: CNNVD-201910-1899 // NVD: CVE-2019-12612

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-20

Trust: 0.8

sources: JVNDB: JVNDB-2019-011539 // NVD: CVE-2019-12612

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201910-1899

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201910-1899

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-011539

PATCH

title: Bitdefender BOX Local Code Execution (VA-3183)
url: https://www.bitdefender.com/support/security-advisories/bitdefender-box-local-code-execution/

Trust: 0.8

title: Fix for the Bitdefender BOX input validation error vulnerability
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=101813

Trust: 0.6

sources: JVNDB: JVNDB-2019-011539 // CNNVD: CNNVD-201910-1899

EXTERNAL IDS

db: NVD, id: CVE-2019-12612

Trust: 2.4

db: JVNDB, id: JVNDB-2019-011539

Trust: 0.8

db: CNNVD, id: CNNVD-201910-1899

Trust: 0.6

sources: JVNDB: JVNDB-2019-011539 // CNNVD: CNNVD-201910-1899 // NVD: CVE-2019-12612

REFERENCES

url:https://www.bitdefender.com/support/security-advisories/bitdefender-box-local-code-execution/

Trust: 1.6

url:https://nvd.nist.gov/vuln/detail/cve-2019-12612

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-12612

Trust: 0.8

sources: JVNDB: JVNDB-2019-011539 // CNNVD: CNNVD-201910-1899 // NVD: CVE-2019-12612

SOURCES

db: JVNDB, id: JVNDB-2019-011539
db: CNNVD, id: CNNVD-201910-1899
db: NVD, id: CVE-2019-12612

LAST UPDATE DATE

2024-11-23T22:41:19.835000+00:00


SOURCES UPDATE DATE

db: JVNDB, id: JVNDB-2019-011539, date: 2019-11-12T00:00:00
db: CNNVD, id: CNNVD-201910-1899, date: 2020-08-25T00:00:00
db: NVD, id: CVE-2019-12612, date: 2024-11-21T04:23:11.117

SOURCES RELEASE DATE

db: JVNDB, id: JVNDB-2019-011539, date: 2019-11-12T00:00:00
db: CNNVD, id: CNNVD-201910-1899, date: 2019-10-31T00:00:00
db: NVD, id: CVE-2019-12612, date: 2019-10-31T17:15:10.227