CVE-2024-13872

Published: Mar 12, 2025

Modified: Mar 12, 2025

PUBLISHED

Description

Bitdefender Box, versions 1.3.11.490 through 1.3.11.505, uses the insecure HTTP protocol to download assets over the Internet to update and restart daemons and detection rules on the devices. Updates can be remotely triggered through the /set_temp_token API method. Then, an unauthenticated and network-adjacent attacker can use man-in-the-middle (MITM) techniques to return malicious responses. Restarted daemons that use malicious assets can then be exploited for remote code execution on the device.

Vendor	Product	Versions
Bitdefender	BOX v1	affected `1.3.11.490 - < 1.3.11.505`

Weaknesses (CWE)

CWE-319

References

https://bitdefender.com/support/security-advisories/insecure-update-mechanism-vulnerability-in-libboxhermes-so-in-bitdefender-box-v1

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2024-13872

Description

Affected Products

Weaknesses (CWE)

References