Critical Bitdefender Patch for GravityZone Update Server: CVE-2024-6980 Could Lead to SSRF Attacks

Bitdefender, a provider of cybersecurity solutions, has recently patched a critical vulnerability (CVE-2024-6980) in its GravityZone Update Server that demands immediate attention.

The GravityZone Update Server serves as the central hub for distributing essential security updates to devices within a GravityZone deployment. Thereby, the vulnerability poses a significant risk to organizations that rely on GravityZone for their endpoint security.

By exploiting this vulnerability, malicious actors could potentially gain unauthorized access to the update server, leading to data breaches and disruption of critical security processes.

What Is CVE-2024-6980 in GravityZone Update Server?

The critical vulnerability in Bitdefender’s GravityZone Update Server, CVE-2024-6980 (CVSS: 9.2), stems from its proxy service’s handling of verbose errors.

Vulnerability card of CVE-2024-6980 (SOCRadar Vulnerability Intelligence)

By exploiting this vulnerability, attackers can perform Server-Side Request Forgery (SSRF) attacks, enabling them to send requests to arbitrary servers within the victim’s network. This could lead to unauthorized access and data exfiltration, compromising the security and integrity of the affected systems.

Which Versions Are Affected?

It is crucial to note that only on-premises installations of GravityZone Console versions prior to 6.38.1-5 are vulnerable to this attack. Cloud-based GravityZone instances are not affected, as they are not subject to the same input validation issue.

A search on ZoomEye reveals over 2,000 instances of Bitdefender GravityZone exposed on the internet.

ZoomEye search results for Bitdefender GravityZone

By applying the patch released by Bitdefender, organizations can effectively address the underlying flaw and protect their systems from potential exploitation.

SOCRadar’s Vulnerability Intelligence feature monitors CVEs and exploitation trends, providing an extensive database of the latest security vulnerabilities. This feature is invaluable for organizations looking to stay informed about new threats. By leveraging Vulnerability Intelligence, your security team can quickly identify relevant vulnerabilities and understand their potential impact.

Use SOCRadar’s Vulnerability Intelligence to easily follow CVE and exploitation trends

Bitdefender’s Response and Updates

Organizations that utilize on-premises installations are strongly advised to update their GravityZone Update Server to version 6.38.1-5 immediately to mitigate the risk associated with this vulnerability.

You can refer to the official Bitdefender advisory for the vulnerability here.

Recommendations to Prevent SSRF Attacks

Here are some brief recommendations to mitigate Server-Side Request Forgery (SSRF) vulnerabilities:

• Always validate and sanitize user inputs to ensure that URLs or other inputs that may trigger server-side requests are properly checked and do not contain malicious or unexpected values.
• Implement a whitelist of allowed URLs or domains that the server can access, ensuring that only legitimate and safe destinations can be reached.
• Isolate critical systems and sensitive data from parts of the network that handle external requests, reducing the potential impact of an SSRF attack.
• Turn off any unnecessary protocols or services that can be exploited by SSRF attacks, such as certain HTTP methods or internal network access.
• Ensure that developers follow secure coding guidelines and use frameworks or libraries that help mitigate SSRF vulnerabilities.
• Implement thorough logging and monitoring to detect and respond to suspicious activities indicative of SSRF attacks in real time.

Ensuring Continuous Security with SOCRadar

Stay updated on cybersecurity trends and respond swiftly to new vulnerabilities with SOCRadar’s Attack Surface Management (ASM) module. This tool protects your digital assets by continuously monitoring them, providing timely threat alerts, and enabling effective preemptive actions to enhance your cybersecurity posture.

Monitor your digital assets with SOCRadar’s Attack Surface Management, enabling quicker response

SOCRadar’s threat intelligence platform aggregates data from multiple sources, including deep web monitoring, dark web intelligence, and threat actor tracking, providing organizations with a comprehensive view of the latest security risks. This intelligence is continuously updated and analyzed, allowing SOCRadar to identify and prioritize emerging threats before exploitation can take place.