Bitdefender Flaw Let Attackers Trigger Server-Side Request Forgery Attacks

A recently discovered vulnerability in Bitdefender’s GravityZone Update Server has raised significant security concerns.

Identified as CVE-2024-6980, this flaw allows attackers to execute server-side request forgery (SSRF) attacks, potentially compromising sensitive data and systems. With a CVSS score of 9.2, this vulnerability is categorized as critical.

The scoring breakdown indicates that the flaw is accessible remotely (AV:N), requires high attack complexity (AC:H), and does not require authentication (PR:N) or user interaction (UI:N).

The vulnerability’s impact on confidentiality, integrity, and availability is high (VC:H/VI:H/VA:H), emphasizing the urgent need for mitigation.

How to Build a Security Framework With Limited Resources IT Security Team (PDF) - Free Guide

CVE-2024-6980 – Vulnerability Details

The root cause of CVE-2024-6980 is a verbose error handling issue within the GravityZone Update Server’s proxy service.

This flaw allows attackers to manipulate server requests, potentially leading to unauthorized access and data breaches. Security researcher Nicolas Verdier discovered and reported the vulnerability, also known as n1nj4sec.

Affected Versions and Fix

Bitdefender has promptly responded to the discovery by releasing an automatic update that fixes the issue.

Users running affected versions of the GravityZone Console are strongly advised to update to version 6.38.1-5 immediately. Ensuring that systems are up-to-date is crucial to prevent potential exploitation.

The discovery of CVE-2024-6980 underscores the importance of regular security updates and vigilant monitoring of critical systems.

Bitdefender’s swift action in addressing the vulnerability is commendable, but users must remain proactive in applying updates to safeguard their environments from similar threats.

Are you from SOC and DFIR Teams? – Analyse Malware Incidents & get live Access with ANY.RUN -> Free Access