Unrated severityNVD Advisory· Published Jan 27, 2020· Updated Sep 17, 2024
Bitdefender BOX v2 bootstrap update_setup command execution vulnerability (VA-2226)
CVE-2019-17102
Description
An exploitable command execution vulnerability exists in the recovery partition of Bitdefender BOX 2, version 2.0.1.91. The API method /api/update_setup does not perform firmware signature checks atomically, leading to an exploitable race condition (TOCTTOU) that allows arbitrary execution of system commands. This issue affects: Bitdefender Bitdefender BOX 2 versions prior to 2.1.47.36.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: <2.1.47.36
- Range: unspecified
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.