CVE-2024-13872

216.73.217.22

· Published 12/03/2025 12:15 · Modified 12/03/2025 12:15

Labels: CVE-2024-13872 2025-03-12 CVE-2024-13872 CWE-319 [email protected]

Essential information

Published: 12/03/2025 12:15
Modified: 12/03/2025 12:15
Author: —
Creator: —
CISA KEV: No
CWE: —
CVSS vector

Description

Bitdefender Box, versions 1.3.11.490 through 1.3.11.505, uses the insecure HTTP protocol to download assets over the Internet to update and restart daemons and detection rules on the devices. Updates can be remotely triggered through the /set_temp_token API method. Then, an unauthenticated and network-adjacent attacker can use man-in-the-middle (MITM) techniques to return malicious responses. Restarted daemons that use malicious assets can then be exploited for remote code execution on the device.

NVD status

Status: Awaiting Analysis — CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.
Source: [email protected]
NVD: View on NVD

Affected products (CPE)

Product	CPE
bitdefender / box	`cpe:2.3:a:bitdefender:box:1.3.11.490:1.3.11.505::::::`

CVE-2024-13872

Essential information

Description

NVD status

Affected products (CPE)

References