CVE-2024-2224: Privilege Escalation via the GravityZone productManager UpdateServer.KitsManager API (VA-11466)
First published: Tue Apr 09 2024(Updated: )
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in the UpdateServer component of Bitdefender GravityZone allows an attacker to execute arbitrary code on vulnerable instances. This issue affects the following products that include the vulnerable component: Bitdefender Endpoint Security for Linux version 7.0.5.200089 Bitdefender Endpoint Security for Windows version 7.9.9.380 GravityZone Control Center (On Premises) version 6.36.1
Credit: cve-requests@bitdefender.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Bitdefender Endpoint Security | =7.0.5.200089 | |
| Bitdefender Endpoint Security | =7.9.9.380 | |
| Bitdefender GravityZone Control Center | =6.36.1 | |
| Bitdefender Endpoint Security | ||
| Bitdefender Endpoint Security | ||
| Bitdefender GravityZone Control Center |
Remedy
An automatic update to the following versions fixes the issues: Bitdefender Endpoint Security for Linux version 7.0.5.200090 Bitdefender Endpoint Security for Windows version 7.9.9.381 GravityZone Control Center (On Premises) version 6.36.1-1
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2024-2224?
CVE-2024-2224 has a high severity rating due to its potential to allow arbitrary code execution.
How do I fix CVE-2024-2224?
To fix CVE-2024-2224, users should update their Bitdefender products to the latest patched versions.
Which products are affected by CVE-2024-2224?
CVE-2024-2224 affects Bitdefender Endpoint Security versions 7.0.5.200089 and 7.9.9.380, as well as Bitdefender GravityZone Control Center version 6.36.1.
What type of vulnerability is CVE-2024-2224?
CVE-2024-2224 is classified as a Path Traversal vulnerability that can lead to privilege escalation.
Can CVE-2024-2224 be exploited remotely?
Yes, CVE-2024-2224 can be exploited by attackers remotely if the vulnerable software is accessible.
- agent/remedy
- agent/title
- agent/references
- agent/weakness
- agent/description
- agent/first-publish-date
- agent/type
- agent/author
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/source
- agent/last-modified-date
- agent/severity
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- vendor/bitdefender
- canonical/bitdefender endpoint security
- version/bitdefender endpoint security/7.0.5.200089
- version/bitdefender endpoint security/7.9.9.380
- canonical/bitdefender gravityzone control center
- version/bitdefender gravityzone control center/6.36.1