CVE-2024-2223: 
Bitdefender Endpoint Security Tools vulnerability analysis and mitigation

An Incorrect Regular Expression vulnerability (CVE-2024-2223) was discovered in Bitdefender GravityZone Update Server, affecting multiple Bitdefender products including Endpoint Security for Linux (version 7.0.5.200089), Endpoint Security for Windows (version 7.9.9.380), and GravityZone Control Center (On Premises version 6.36.1). The vulnerability was disclosed on April 9th, 2024, and received a CVSS v3.1 base score of 8.1, indicating high severity (Bitdefender Advisory).

The vulnerability stems from an incorrect regular expression implementation in the GravityZone Update Server that could enable Server Side Request Forgery (SSRF). The flaw allows attackers to send crafted requests that can be misinterpreted as legitimate by the server. The vulnerability has a network attack vector with high attack complexity, requires no privileges or user interaction, and can potentially impact the confidentiality, integrity, and availability of the system (Cybersecurity News, Bitdefender Advisory).

A successful exploitation of this vulnerability could allow attackers to reconfigure the update relay, potentially disrupting update delivery or injecting malicious updates into the network. The impact extends to complete control over the confidentiality (data theft), integrity (data modification), and availability (server disruption) of the Update Server (Cybersecurity News).

Bitdefender has released security updates to address the vulnerability. Users should upgrade to the following patched versions: Bitdefender Endpoint Security for Linux version 7.0.5.200090, Endpoint Security for Windows version 7.9.9.381, and GravityZone Control Center (On Premises) version 6.36.1-1 (Bitdefender Advisory).