| Vulnerability Name: | CVE-2019-12611 (CCN-169770) | ||||||||||||
| Assigned: | 2019-10-17 | ||||||||||||
| Published: | 2019-10-17 | ||||||||||||
| Updated: | 2019-10-22 | ||||||||||||
| Summary: | An issue was discovered in Bitdefender BOX firmware versions before 2.1.37.37-34 that affects the general reliability of the product. Specially crafted packets sent to the miniupnpd implementation in result in the device allocating memory without freeing it later. This behavior can cause the miniupnpd component to crash or to trigger a device reboot. | ||||||||||||
| CVSS v3 Severity: | 4.4 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H) 3.9 Low (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)
6.5 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)
| ||||||||||||
| CVSS v2 Severity: | 4.9 Medium (CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C)
| ||||||||||||
| Vulnerability Type: | CWE-770 | ||||||||||||
| Vulnerability Consequences: | Denial of Service | ||||||||||||
| References: | Source: MITRE Type: CNA CVE-2019-12611 Source: XF Type: UNKNOWN bitdefender-cve201912611-dos(169770) Source: CCN Type: Bitdefender Web site Bitdefender BOX Denial of Service (VA-3184) Source: MISC Type: Vendor Advisory https://www.bitdefender.com/support/security-advisories/bitdefender-box-denial-service-va-3184/ | ||||||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||||||
| BACK | |||||||||||||