CVE-2020-15297 HIGH

Vendor Bitdefender
Product Bitdefender Update Server
Weakness CWE-918 · SSRF
Published November 9, 2020
Last update September 16, 2024

CVSS base score

7.1/10
Attack vector Local
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

What the vulnerability does

01 Description

Insufficient validation in the Bitdefender Update Server and BEST Relay components of Bitdefender Endpoint Security Tools versions prior to 6.6.20.294 allows an unprivileged attacker to bypass the in-place mitigations and interact with hosts on the network. This issue affects: Bitdefender Update Server versions prior to 6.6.20.294.

Key dates

02 Disclosure timeline

November 9, 2020 CVE published
September 16, 2024 Record updated