Bitdefender BOX 2 Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) Vulnerability

Summary

Bitdefender BOX 2 suffers from an improper neutralization of special elements used in an OS command (‘OS Command Injection’) vulnerability.

Credit:

The information has been provided by Claudio Bozzato.

The original article can be found at: https://www.bitdefender.com/support/security-advisories/bitdefender-box-2-bootstrap-get_image_size-command-injection-vulnerability/


Details

An OS command injection vulnerability in the bootstrap stage of Bitdefender BOX 2 allows the `get_image_url()` function to be manipulated, in special circumstances, to inject a system command.

Vulnerable Systems

Bitdefender BOX 2

CVE Information:

CVE-2019-17096

Disclosure Timeline:

Published Date: 1/27/2020
