Bitdefender Vulnerability Lets Attackers Trigger SSRF Attacks

A critical security vulnerability has been found in Bitdefender's GravityZone Update Server, potentially exposing organizations to server-side request forgery (SSRF) attacks.
The flaw, tracked as CVE-2024-6980, carries a CVSS score of 9.2 out of 10, placing it in the critical severity range for affected systems.
The issue stems from verbose error handling in the proxy service of the GravityZone Update Server. Because the proxy reports detailed errors about the targets it is asked to reach, an attacker can use it to launch server-side request forgery attacks and potentially compromise affected systems.
The flaw affects only on-premises deployments: the Bitdefender GravityZone Update Server and GravityZone Console in versions prior to 6.38.1-5.
Server-side request forgery attacks can have severe consequences for affected organizations. An attacker exploiting this vulnerability could potentially:
- Access sensitive internal resources
- Bypass security controls
- Manipulate server operations
- Obtain confidential data
The high CVSS score underscores the serious nature of this vulnerability and the potential for significant damage if it is left unaddressed.
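The general pattern the advisory describes, a proxy endpoint that forwards to a caller-supplied target and echoes the upstream error back to the caller, is shown below as an added illustration in Python. This is hypothetical example code written for this page, not Bitdefender's code, and nothing in it reflects how the GravityZone Update Server is actually implemented; the hostnames, IP addresses, allowlist, the fake resolver and the fake HTTP client are all constructed so the example runs offline. The vulnerable variant shows why verbose errors matter for SSRF: the attacker never sees the internal response, but "connection refused by 10.0.0.5:5432" versus "timed out" is enough to map internal hosts and ports. The hardened variant applies the two fixes a practitioner would expect: reject targets that are not on an allowlist or that resolve to private, loopback or link-local ranges, and never return upstream error detail to the caller.

```python
"""
Hypothetical illustration of SSRF through a proxy endpoint with verbose error
handling. Added example code, not Bitdefender's; it models the general pattern
only and does not reflect the actual GravityZone Update Server implementation.
"""
import ipaddress
from urllib.parse import urlsplit

# Constructed name-resolution table so the example runs offline. A real
# service would call socket.getaddrinfo here.
FAKE_DNS = {
    "updates.example.com": "52.1.2.3",      # assumed public upstream
    "db.internal": "10.0.0.5",              # internal host an attacker would probe
    "metadata": "169.254.169.254",          # cloud metadata endpoint
}

ALLOWED_HOSTS = {"updates.example.com"}     # assumed allowlist for the proxy


def resolve(host):
    """Return the IP string for a host (IP literals pass through), or None."""
    try:
        ipaddress.ip_address(host)
        return host
    except ValueError:
        return FAKE_DNS.get(host)


def vulnerable_proxy(target_url, fetch):
    """Forwards to any URL and leaks the raw upstream error: the bug pattern.

    `fetch` stands in for the real HTTP client. Whatever it raises is echoed
    verbatim, turning the endpoint into an oracle for the internal network.
    """
    try:
        return 200, fetch(target_url)
    except Exception as exc:  # deliberately broad: that is the verbose-error flaw
        return 502, f"upstream error for {target_url}: {exc}"


def is_safe_target(target_url):
    """Scheme, allowlist and address-range checks before any connection is made."""
    parts = urlsplit(target_url)
    if parts.scheme not in ("http", "https"):
        return False
    if parts.hostname is None or parts.hostname not in ALLOWED_HOSTS:
        return False
    ip = resolve(parts.hostname)
    if ip is None:
        return False
    addr = ipaddress.ip_address(ip)
    # Re-check the resolved address even for allowlisted names (DNS rebinding).
    return not (addr.is_private or addr.is_loopback or addr.is_link_local)


def hardened_proxy(target_url, fetch):
    """Rejects non-allowlisted targets and never echoes upstream error details."""
    if not is_safe_target(target_url):
        return 400, "target not permitted"
    try:
        return 200, fetch(target_url)
    except Exception:
        return 502, "upstream fetch failed"   # generic: no host, port or cause


def fake_fetch(url):
    """Constructed stand-in for an HTTP client that fails with host-specific detail."""
    host = urlsplit(url).hostname
    ip = resolve(host)
    if ip is None:
        raise ConnectionError(f"name resolution failed for {host}")
    if ip == "52.1.2.3":
        return "update manifest"
    if ip == "10.0.0.5":
        raise ConnectionError(f"connection refused by {ip}:5432")
    raise TimeoutError(f"timed out connecting to {ip}:80")


if __name__ == "__main__":
    probe = "http://db.internal:5432/"
    print(vulnerable_proxy(probe, fake_fetch))   # leaks the internal IP and port
    print(hardened_proxy(probe, fake_fetch))     # (400, 'target not permitted')
    print(hardened_proxy("https://updates.example.com/manifest", fake_fetch))
```

The allowlist check alone would already stop the probe above; the resolved-address check is kept because a name on the allowlist can be pointed at an internal address later, and a generic error message is kept because even an allowlisted upstream's failure details are not the caller's business.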
Bitdefender has responded promptly to address this security issue. An automatic update to product version 6.38.1-5 has been released, which fixes the vulnerability.
Organizations running affected versions of the GravityZone Update Server are strongly advised to update their systems to the latest version immediately.
Credit for discovering this vulnerability goes to Nicolas VERDIER, also known as n1nj4sec. Responsible disclosure practices were followed, allowing Bitdefender to develop and release a patch before the vulnerability was made public.
Recommendations for Users
- Check the version of your GravityZone Console and ensure it is updated to version 6.38.1-5 or later.
- Enable automatic updates to receive critical security patches promptly.
- Conduct a thorough security review of systems that may have been exposed to this vulnerability.
- Monitor for suspicious activity that may indicate exploitation attempts, such as update-server proxy requests directed at internal hosts or cloud metadata addresses.
To Ensure You Have the Latest Version
- Check the GravityZone Control Center's "About" or "System Information" section for the currently installed version.
- Look for any available updates in the Configuration > Update section of the GravityZone console.
Source: cybersecuritynews.com