5.7 CVE-2024-13870

Enriched by CISA
 

An improper access control vulnerability exists in Bitdefender Box 1 (firmware version 1.3.52.928 and below) that allows an unauthenticated attacker to downgrade the device's firmware to an older, potentially vulnerable version of a Bitdefender-signed firmware. The attack requires Bitdefender BOX to be booted in Recovery Mode and that the attacker be present within the WiFi range of the BOX unit.
https://nvd.nist.gov/vuln/detail/CVE-2024-13870

Categories

CWE-1328 : Security Version Number Mutable to Older Versions
Security-version number in hardware is mutable, resulting in the ability to downgrade (roll-back) the boot firmware to vulnerable code versions. Mutability of stored security version numbers and programming with older firmware images should be part of automated testing. Anti-roll-back features should be reviewed as part of Architecture or Design review. When architecting the system, security version data should be designated for storage in registers that are either read-only or have access controls that prevent modification by an untrusted agent. During implementation and test, security version data should be demonstrated to be read-only and access controls should be validated.

References


 

AFFECTED (from MITRE)

Vendor Product Versions
Bitdefender BOX v1
  • ≤ 1.3.52.928 [affected]
© 2022 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation.

CPE

cpe start end
Configuration 1
AND
   cpe:2.3:o:bitdefender:box_firmware:*:*:*:*:*:*:*:* <= 1.3.52.928
  Running on/with
  cpe:2.3:h:bitdefender:box:-:*:*:*:*:*:*:*

REMEDIATION


EXPLOITS

Exploit-db.com

id description date
No known exploits

POC Github

Url
No known exploits

Other Nist (github, ...)

Url
No known exploits

CAPEC

Common Attack Pattern Enumerations and Classifications

id description severity
176 Configuration/Environment Manipulation
Medium