CVE-2022-2830 - OpenCVE

Deserialization of Untrusted Data vulnerability in the message processing component of Bitdefender GravityZone Console allows an attacker to pass unsafe commands to the environment. This issue affects: Bitdefender GravityZone Console On-Premise versions prior to 6.29.2-1. Bitdefender GravityZone Cloud Console versions prior to 6.27.2-2.

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Bitdefender	Gravityzone

Configuration 1 [-]

OR	cpe:2.3:a:bitdefender:gravityzone:::::cloud:::*
	cpe:2.3:a:bitdefender:gravityzone:::::on-premise:::*

No data.

References

Link	Providers
https://www.bitdefender.com/support/security-advisories/deserialization-of-untrusted-data-in-gravityzone-console-va-10573

History

No history.

MITRE

Status: PUBLISHED

Assigner: Bitdefender

Published: 2022-09-05T11:55:16.262762Z

Updated: 2024-09-16T19:00:51.550Z

Reserved: 2022-08-16T00:00:00

Link: CVE-2022-2830

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2022-09-05T12:15:08.740

Modified: 2022-09-09T16:02:17.670

Link: CVE-2022-2830

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "GravityZone Console On-Premise", "vendor": "Bitdefender", "versions": [{"lessThan": "6.29.2-1", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "GravityZone Cloud Console", "vendor": "Bitdefender", "versions": [{"lessThan": "6.27.2-2", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "datePublic": "2022-09-04T00:00:00", "descriptions": [{"lang": "en", "value": "Deserialization of Untrusted Data vulnerability in the message processing component of Bitdefender GravityZone Console allows an attacker to pass unsafe commands to the environment. This issue affects: Bitdefender GravityZone Console On-Premise versions prior to 6.29.2-1. Bitdefender GravityZone Cloud Console versions prior to 6.27.2-2."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-502", "description": "CWE-502 Deserialization of Untrusted Data", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-09-05T11:55:16", "orgId": "b3d5ebe7-963e-41fb-98e1-2edaeabb8f82", "shortName": "Bitdefender"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.bitdefender.com/support/security-advisories/deserialization-of-untrusted-data-in-gravityzone-console-va-10573"}], "solutions": [{"lang": "en", "value": "An automatic update to the following software versions fixes the issue:\n\nBitdefender GravityZone Console On-Premise version 6.29.2-1.\nBitdefender GravityZone Cloud Console version 6.27.2-2."}], "source": {"defect": ["VA-10573"], "discovery": "EXTERNAL"}, "title": "Deserialization of Untrusted Data in GravityZone Console On-Premise (VA-10573)", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve-requests@bitdefender.com", "DATE_PUBLIC": "2022-09-04T21:00:00.000Z", "ID": "CVE-2022-2830", "STATE": "PUBLIC", "TITLE": "Deserialization of Untrusted Data in GravityZone Console On-Premise (VA-10573)"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "GravityZone Console On-Premise", "version": {"version_data": [{"version_affected": "<", "version_value": "6.29.2-1"}]}}, {"product_name": "GravityZone Cloud Console", "version": {"version_data": [{"version_affected": "<", "version_value": "6.27.2-2"}]}}]}, "vendor_name": "Bitdefender"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Deserialization of Untrusted Data vulnerability in the message processing component of Bitdefender GravityZone Console allows an attacker to pass unsafe commands to the environment. This issue affects: Bitdefender GravityZone Console On-Premise versions prior to 6.29.2-1. Bitdefender GravityZone Cloud Console versions prior to 6.27.2-2."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-502 Deserialization of Untrusted Data"}]}]}, "references": {"reference_data": [{"name": "https://www.bitdefender.com/support/security-advisories/deserialization-of-untrusted-data-in-gravityzone-console-va-10573", "refsource": "MISC", "url": "https://www.bitdefender.com/support/security-advisories/deserialization-of-untrusted-data-in-gravityzone-console-va-10573"}]}, "solution": [{"lang": "en", "value": "An automatic update to the following software versions fixes the issue:\n\nBitdefender GravityZone Console On-Premise version 6.29.2-1.\nBitdefender GravityZone Cloud Console version 6.27.2-2."}], "source": {"defect": ["VA-10573"], "discovery": "EXTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T00:52:58.722Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.bitdefender.com/support/security-advisories/deserialization-of-untrusted-data-in-gravityzone-console-va-10573"}]}]}, "cveMetadata": {"assignerOrgId": "b3d5ebe7-963e-41fb-98e1-2edaeabb8f82", "assignerShortName": "Bitdefender", "cveId": "CVE-2022-2830", "datePublished": "2022-09-05T11:55:16.262762Z", "dateReserved": "2022-08-16T00:00:00", "dateUpdated": "2024-09-16T19:00:51.550Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:bitdefender:gravityzone:*:*:*:*:cloud:*:*:*", "matchCriteriaId": "973C0CA3-5E63-4375-823D-B3FF934F0819", "versionEndExcluding": "6.27.2-2", "vulnerable": true}, {"criteria": "cpe:2.3:a:bitdefender:gravityzone:*:*:*:*:on-premise:*:*:*", "matchCriteriaId": "0EF8A286-8C5E-462F-A4E2-A7FD59B1C794", "versionEndExcluding": "6.29.2-1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Deserialization of Untrusted Data vulnerability in the message processing component of Bitdefender GravityZone Console allows an attacker to pass unsafe commands to the environment. This issue affects: Bitdefender GravityZone Console On-Premise versions prior to 6.29.2-1. Bitdefender GravityZone Cloud Console versions prior to 6.27.2-2."}, {"lang": "es", "value": "Una vulnerabilidad de Deserializaci\u00f3n de Datos No Confiables en el componente de procesamiento de mensajes de Bitdefender GravityZone Console permite a un atacante pasar comandos no seguros al entorno. Este problema afecta a: Bitdefender GravityZone Console On-Premise versiones anteriores a 6.29.2-1. Bitdefender GravityZone Cloud Console versiones anteriores a 6.27.2-2"}], "id": "CVE-2022-2830", "lastModified": "2022-09-09T16:02:17.670", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "cve-requests@bitdefender.com", "type": "Secondary"}]}, "published": "2022-09-05T12:15:08.740", "references": [{"source": "cve-requests@bitdefender.com", "tags": ["Vendor Advisory"], "url": "https://www.bitdefender.com/support/security-advisories/deserialization-of-untrusted-data-in-gravityzone-console-va-10573"}], "sourceIdentifier": "cve-requests@bitdefender.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-502"}], "source": "cve-requests@bitdefender.com", "type": "Primary"}]}