cbcvebase.
CVE-2019-17096
published 2020-01-27


Priority: P265
Severity: critical, 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 2.07% (79.1th percentile)
An OS command injection vulnerability in the bootstrap stage of Bitdefender BOX 2 allows the manipulation of the `get_image_url()` function in special circumstances to inject a system command.

Affected

4 ranges

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| bitdefender | bitdefender_box_2 | >= 2.1.47.42, < 2.1.59-12 | 2.1.59-12 |
| bitdefender | bitdefender_box_2 | >= 2.1.53.45, < 2.1.59-12 | 2.1.59-12 |
| bitdefender | central | < 2.0.66 | 2.0.66 |
| bitdefender | central | < 2.0.66.88 | 2.0.66.88 |

Detection & IOCs (extracted from sources)

  • url: /api/download_image
  • snort: 51929
  • snort: 51948
  • Monitor for HTTP requests targeting the `/api/download_image` endpoint on Bitdefender BOX 2 devices, particularly those originating from or spoofing a remote nimbus server, as exploitation requires impersonating that server to inject commands via the firmware URL parameter.
  • The attack is unauthenticated and occurs during the bootstrap stage; look for unexpected or malformed firmware URL values supplied to the device during its bootstrap/recovery phase.
  • Vulnerability is only exploitable during the bootstrap stage of the device lifecycle; production mode and bootstrap mode affect different firmware versions (2.1.47.42 and 2.1.53.45 in production mode; 2.0.1.91 in bootstrap mode).
  • Snort rules 51929 and 51948 are subject to change; operators should verify current rule content via Firepower Management Center or Snort.org before deploying.

CVSS provenance

  • NVD, CVSS v3.1: 9.8 CRITICAL, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • NVD, CVSS v2.0: 9.3 CRITICAL, AV:N/AC:M/Au:N/C:C/I:C/A:C