Insufficient validation on regular expression in EPPUpdateService config file (VA-9825)

Publication date: November 24th, 2021


CVE ID:
CVE-2021-3552
CVSS score:
5.3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Affected vendors:
Bitdefender
Affected products:
Endpoint Security Tools
Vulnerability details:

A Server-Side Request Forgery (SSRF) vulnerability in the EPPUpdateService component of Bitdefender Endpoint Security Tools allows an attacker to proxy requests to the relay server. This issue affects Bitdefender Endpoint Security Tools versions prior to 3.3.6.201.

Additional details:
An automatic update to version 3.3.6.201 fixes the issue.
Credit:
Nicolas VERDIER, Cybersecurity Consultant at TEHTRIS