Vulnerability Description
A OS Command Injection vulnerability in the bootstrap stage of Bitdefender BOX 2 allows the manipulation of the `get_image_url()` function in special circumstances to inject a system command.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bitdefender | Box 2 Firmware | - |
| Bitdefender | Box 2 | - |
| Bitdefender | Central | < 2.0.66 |
Related Weaknesses (CWE)
References
- https://www.bitdefender.com/support/security-advisories/bitdefender-box-2-bootstVendor Advisory
- https://www.bitdefender.com/support/security-advisories/bitdefender-box-2-bootstVendor Advisory
FAQ
What is CVE-2019-17096?
CVE-2019-17096 is a vulnerability with a CVSS score of 9.0 (CRITICAL). A OS Command Injection vulnerability in the bootstrap stage of Bitdefender BOX 2 allows the manipulation of the `get_image_url()` function in special circumstances to inject a system command.
How severe is CVE-2019-17096?
CVE-2019-17096 has been rated CRITICAL with a CVSS base score of 9.0/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2019-17096?
Check the references section above for vendor advisories and patch information. Affected products include: Bitdefender Box 2 Firmware, Bitdefender Box 2, Bitdefender Central.