Bitdefender Patches Critical Vulnerabilities in GravityZone and Endpoint Security

by do son ·

Bitdefender vulnerabilities
Image: Bitdefender

Bitdefender, a leading cybersecurity company, has released critical updates to address multiple vulnerabilities in its GravityZone and Endpoint Security products. These flaws, if left unpatched, could potentially give attackers significant control over affected systems.

Image: Bitdefender

The Vulnerabilities

Here’s a breakdown of the two major vulnerabilities addressed in this update:

  • CVE-2024-2223: Server-Side Request Forgery (SSRF) This vulnerability, found in the GravityZone Update Server, stems from an incorrect regular expression. If exploited, an attacker could trick the server into making requests to other internal systems or external sites. This could be used for sensitive information gathering or even further exploit chains within a network.
  • CVE-2024-2224: Path Traversal This vulnerability, also present in the GravityZone Update Server component, could allow an attacker to break out of intended directories and execute arbitrary code on the server. In a worst-case scenario, this could lead to full system compromise.

Affected Products

The following Bitdefender products were confirmed vulnerable to these exploits:

  • Bitdefender Endpoint Security for Linux (version 7.0.5.200089)
  • Bitdefender Endpoint Security for Windows (version 7.9.9.380)
  • GravityZone Control Center (On-Premises) (version 6.36.1)

The Fix

Bitdefender has been proactive in releasing automatic updates to address these issues. Users should ensure they’re running the following patched versions:

  • Bitdefender Endpoint Security for Linux (version 7.0.5.200090 and later)
  • Bitdefender Endpoint Security for Windows (version 7.9.9.381 and later)
  • GravityZone Control Center (On-Premises) (version 6.36.1-1 and later)

Call to Action

Given the severity of these vulnerabilities, administrators of Bitdefender GravityZone and Endpoint Security products must apply these security updates as soon as possible. Failure to do so leaves systems exposed to potential attacks with significant consequences.

Staying Vigilant

This advisory from Bitdefender highlights the importance of keeping security software up-to-date. Even the most reputable vendors experience vulnerabilities and timely patching is essential for maintaining a strong cybersecurity posture.

Tags: Bitdefender Endpoint Security for LinuxBitdefender vulnerabilitiesCVE-2024-2223CVE-2024-2224GravityZone Update Serverssrf