A vulnerability has been identified in Bitdefender GravityZone Update Server. The vulnerability could allow an attacker to perform Server-Side Request Forgery (SSRF) on a target update server. The vulnerability (CVE-2024-6980) has a Critical CVSS 4.0 score of 9.2 out of 10.
Description:
CVE-2024-6980 is a verbose error logging issue in GravityZone Update Console sofware components prior to version 6.38.1-5. Attackers can exploit the logging issue to manipulate the server into producing arbitrary requests to any given third-party machine, making it possible to leak sensitive data or possibly even perform arbitrary command execution. This can severely compromise the security of the organization.
Affected Versions:
This issue affects customers with GravityZone Console versions prior to 6.38.1-5 running on-premises, thus excluding cloud-based instances.
Recommendations:
- To mitigate this critical vulnerability, organizations running Bitdefender GravityZone on-premises should ensure the latest automatic updates for GravityZone Console (minimum 6.38.1-5) are properly applied.
- Ensure automatic updates are enabled for future instances.
- While no known instances of exploitation in the wild or proofs-of-concept have been identified, any organizations which are still running vulnerable versions at this time should consider reviewing GravityZone Console logs to check for evidence of suspicious activity, after updating the component.
References:
- https://nvd.nist.gov/vuln/detail/CVE-2024-6980
- https://www.bitdefender.com/support/security-advisories/verbose-error-handling-in-gravityzone-update-server-proxy-service/
- https://feedly.com/cve/CVE-2024-6980
- https://cybersecuritynews.com/bitdefender-ssrf-vulnerability/
- https://www.cve.org/CVERecord?id=CVE-2024-6980
