CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2019-17096

A OS Command Injection vulnerability in the bootstrap stage of Bitdefender BOX 2 allows the manipulation of the `get_image_url()` function in special circumstances to inject a system command.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.008

EPSS Ranking 73.2%

CVSS Severity

CVSS v3 Score 9.0

CVSS v2 Score 9.3

References

https://www.bitdefender.com/support/security-advisories/bitdefender-box-2-bootstrap-get_image_size-command-injection-vulnerability/
https://www.bitdefender.com/support/security-advisories/bitdefender-box-2-bootstrap-get_image_size-command-injection-vulnerability/

Products affected by CVE-2019-17096

Bitdefender » Central » Version: N/A

cpe:2.3:a:bitdefender:central:-
Bitdefender » Box 2 » Version: N/A

cpe:2.3:h:bitdefender:box_2:-
Bitdefender » Box 2 Firmware » Version: N/A

cpe:2.3:o:bitdefender:box_2_firmware:-

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-17096

Products

Pricing

Contact Us