CVE-2019-17096
Published 2020-01-27
Priority: P265 · critical · CVSS 3.1 base score 9.8
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 2.07% (79.1st percentile)
An OS Command Injection vulnerability in the bootstrap stage of Bitdefender BOX 2 allows the manipulation of the `get_image_url()` function in special circumstances to inject a system command.
Affected (4 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| bitdefender | bitdefender_box_2 | >= 2.1.47.42 < 2.1.59-12 | 2.1.59-12 |
| bitdefender | bitdefender_box_2 | >= 2.1.53.45 < 2.1.59-12 | 2.1.59-12 |
| bitdefender | central | < 2.0.66 | 2.0.66 |
| bitdefender | central | < 2.0.66.88 | 2.0.66.88 |
Detection & IOCs
- Snort rule 51929
- Snort rule 51948
- Monitor for HTTP requests targeting the `/api/download_image` endpoint on Bitdefender BOX 2 devices, particularly those originating from or spoofing a remote nimbus server, as exploitation requires impersonating that server to inject commands via the firmware URL parameter.
- The attack is unauthenticated and occurs during the bootstrap stage; look for unexpected or malformed firmware URL values supplied to the device during its bootstrap/recovery phase.
- The vulnerability is only exploitable during the bootstrap stage of the device lifecycle; the affected firmware versions differ between production mode and bootstrap mode (2.1.47.42 and 2.1.53.45 in production mode; 2.0.1.91 in bootstrap mode).
- Snort rules 51929 and 51948 are subject to change; operators should verify current rule content via Firepower Management Center or Snort.org before deploying.
CVSS provenance
- NVD, CVSS v3.1: 9.8 CRITICAL, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- NVD, CVSS v2.0: 9.3 CRITICAL, AV:N/AC:M/Au:N/C:C/I:C/A:C
No detection rules found.
No public exploits indexed.
Talos
Vulnerability Spotlight: Bitdefender BOX 2 bootstrap remote code execution vulnerabilities
blogs_talos · 2020-01-21 · CVSS 8.1 [HIGH]
Claudio Bozzato, Lilith Wyatt and Dave McDaniel of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw.
The Bitdefender BOX 2 contains two remote code execution vulnerabilities in its bootstrap stage. The BOX 2 is a device that protects users’ home networks from a variety of threats, such as malware, phishing IOCs and other forms of cyber attacks. It also allows the user to monitor specific devices on the network and limit their internet access. These vulnerabilities could allow an attacker to gain the ability to arbitrarily execute system commands.
In accordance with our coordinated disclosure policy, Cisco Talos worked with Bitdefender to ensure that these issues are resolved and that an update is available for affected customers.
### Vulnerability details
Bitdefender BO