Platform: linux
Component: gravityzone-control-center-on-premises
Fixed in: 6.36.2, 7.9.10, 7.0.6
CVE-2024-2224 is a privilege escalation vulnerability caused by an improper limitation of a pathname (path traversal) weakness in the UpdateServer component of Bitdefender GravityZone. The flaw allows an attacker to execute arbitrary code on vulnerable instances. It affects GravityZone Control Center (On-Premises) version 6.36.1, as well as related Bitdefender Endpoint Security versions for Linux and Windows. Affected users should upgrade to version 6.36.2 to address the issue.
The primary impact of CVE-2024-2224 is arbitrary code execution. An attacker exploiting this path traversal can bypass the intended access controls and gain elevated privileges within the affected GravityZone instance. This can lead to complete compromise of the Control Center, allowing the attacker to manage endpoints, modify configurations, and potentially exfiltrate sensitive data. Given GravityZone's role in managing endpoint security, successful exploitation could have a wide-ranging impact, affecting every endpoint under its control. In terms of impact, arbitrary code execution places it in the same class as CVE-2021-44228 (Log4Shell), where a seemingly minor flaw gave attackers full system control.
CVE-2024-2224 was publicly disclosed on April 9, 2024, and is rated HIGH severity (CVSS 8.1). No public exploits or active campaigns targeting this vulnerability are currently known, and it is not yet listed in the CISA KEV catalog. Because the flaw is a path traversal, exploitation may require some level of local access or network proximity to the GravityZone Control Center.
Organizations that rely heavily on Bitdefender GravityZone for centralized endpoint management are at significant risk. This includes businesses with on-premises GravityZone deployments, particularly those still running the affected version 6.36.1 that have not yet upgraded. Shared hosting environments that use GravityZone to manage endpoints for multiple clients could also be vulnerable, potentially exposing several tenants to compromise.
• linux / server:
  journalctl -u bitdefender -f | grep -i "path traversal"
• linux / server:
  lsof -i :8080 | grep bitdefender
• generic web:
  curl -I <gravityzone_url>/updateServer/path/to/sensitive/file
• generic web:
  grep -r "path traversal" /opt/bitdefender/gravityzone/controlcenter/disclosure
Exploit status
EPSS: 0.65% (71st percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2024-2224 is to upgrade to Bitdefender GravityZone Control Center version 6.36.2 or later. If an immediate upgrade is not feasible, restrict network access to the UpdateServer component as a temporary workaround: apply strict firewall rules so that only authorized systems can reach it. Monitor system logs for suspicious activity, in particular attempts to access files outside the intended directory. No specific Sigma or YARA rules are readily available, so custom rules that detect unusual file access patterns within the UpdateServer directory are recommended. After upgrading, confirm the fix by attempting to access a restricted file via the UpdateServer component and verifying that access is denied.
Update Bitdefender GravityZone Control Center to a version later than 6.36.1. Consult the Bitdefender advisory for specific upgrade and mitigation instructions.
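As an added example (not part of the original page or of Bitdefender's own tooling), the following Python script implements the log monitoring recommended above: it scans web-server access-log lines for requests to the UpdateServer path whose target contains traversal sequences, including percent-encoded and double-encoded forms, so that detection does not depend on the literal string "path traversal" ever appearing in a log. The /updateServer/ prefix, the combined log format, and the sample lines are assumptions constructed for the example.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines (combined log format). The "/updateServer/"
# prefix follows the page's own curl check; the real URL layout is an assumption.
SAMPLE_LOG = """\
10.0.0.5 - - [09/Apr/2024:10:01:02 +0000] "GET /updateServer/products/linux/manifest.xml HTTP/1.1" 200 512
10.0.0.9 - - [09/Apr/2024:10:01:05 +0000] "GET /updateServer/../../../../etc/passwd HTTP/1.1" 403 0
10.0.0.9 - - [09/Apr/2024:10:01:06 +0000] "GET /updateServer/%2e%2e/%2e%2e/etc/shadow HTTP/1.1" 404 0
10.0.0.9 - - [09/Apr/2024:10:01:07 +0000] "GET /updateServer/%252e%252e/config.ini HTTP/1.1" 200 88
10.0.0.7 - - [09/Apr/2024:10:02:00 +0000] "GET /webservice/login HTTP/1.1" 200 1024
"""

REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<path>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)
UPDATE_SERVER_PREFIX = "/updateServer/"  # assumed path prefix of the component

def normalize_path(raw: str) -> str:
    """Undo up to two layers of percent-encoding and fold backslashes to slashes,
    so encoded and double-encoded traversal sequences compare equal to '../'."""
    decoded = raw
    for _ in range(2):
        nxt = unquote(decoded)
        if nxt == decoded:
            break
        decoded = nxt
    return decoded.replace("\\", "/")

def is_traversal(path: str) -> bool:
    """True if any segment of the normalized path is '..'."""
    return any(seg == ".." for seg in normalize_path(path).split("/"))

def find_traversal_attempts(log_text: str) -> list[dict[str, str]]:
    """Return requests aimed at the UpdateServer path that contain traversal.
    A 2xx status on such a request is the case to escalate: the traversal may
    have succeeded rather than being rejected."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        path = m.group("path")
        if normalize_path(path).startswith(UPDATE_SERVER_PREFIX) and is_traversal(path):
            hits.append({"ip": m.group("ip"), "path": path, "status": m.group("status")})
    return hits

if __name__ == "__main__":
    for hit in find_traversal_attempts(SAMPLE_LOG):
        print(f"{hit['ip']} {hit['path']} -> HTTP {hit['status']}")
```

Point the script at the real access log of the host fronting the UpdateServer and alert on any hit, treating 2xx responses as the highest priority.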
CVE-2024-2224 is a HIGH severity vulnerability that allows attackers to execute code via path traversal in Bitdefender GravityZone Control Center version 6.36.1.
If you are running Bitdefender GravityZone Control Center version 6.36.1, you are potentially affected by this vulnerability. Check your version and upgrade accordingly.
Upgrade to Bitdefender GravityZone Control Center version 6.36.2 or later to remediate the vulnerability. Implement temporary workarounds if immediate upgrade is not possible.
As of now, there are no known public exploits or active campaigns targeting CVE-2024-2224, but vigilance is still advised.
Refer to the official Bitdefender security advisory for detailed information and updates: [https://www.bitdefender.com/support/security/vulnerability-update-gravityzone-control-center-12334](https://www.bitdefender.com/support/security/vulnerability-update-gravityzone-control-center-12334)