CVE-2024-13872
Published: 12 March 2025
Description
Adversaries may attempt to position themselves between two or more networked devices using an adversary-in-the-middle (AiTM) technique to support follow-on behaviors such as [Network Sniffing](https://attack.
Security Summary
CVE-2024-13872 affects Bitdefender Box devices running versions 1.3.11.490 through 1.3.11.505. The vulnerability stems from the use of the insecure HTTP protocol to download assets over the Internet for updating and restarting daemons and detection rules. This issue, classified under CWE-319 (Cleartext Transmission of Sensitive Information), has a CVSS v3.1 base score of 7.5 (AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).
An unauthenticated, network-adjacent attacker can exploit this by performing a man-in-the-middle (MITM) attack after updates are remotely triggered via the /set_temp_token API method. The attacker intercepts HTTP traffic and returns malicious responses containing tainted assets. Daemons restarted with these malicious assets can then be further exploited to achieve remote code execution on the device.
Bitdefender has issued a security advisory on the insecure update mechanism vulnerability in libboxhermes.so within Bitdefender Box v1, available at https://bitdefender.com/support/security-advisories/insecure-update-mechanism-vulnerability-in-libboxhermes-so-in-bitdefender-box-v1, which provides details on mitigation.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability enables a man-in-the-middle attack on the insecure HTTP update mechanism to deliver malicious assets leading to RCE.