
A Vulnerability in Bitdefender SafePay Could Allow for Remote Code Execution

MS-ISAC ADVISORY NUMBER:

2020-085

DATE(S) ISSUED:

06/24/2020

OVERVIEW:

A vulnerability has been discovered in Bitdefender SafePay, which could allow for remote code execution. Bitdefender Safepay is a protected web browser designed to secure sensitive online transactions such as online-banking and e-shopping. Successful exploitation of this vulnerability could allow an attacker to execute commands remotely in the context of the user on the system. Depending on the privileges associated with the user, an attacker could install programs; view, change, or delete data; or create new accounts with full user rights. If the current user has been configured to have fewer rights on the system, exploitation of the vulnerability can have less impact than if it was configured with administrative rights.

THREAT INTELLIGENCE:

A proof of concept of how to exploit this vulnerability currently exists.

SYSTEMS AFFECTED:

  • Bitdefender Total Security 2020 versions prior to 24.0.20.116

RISK:

Government:
  • Large and medium government entities: MEDIUM
  • Small government entities: MEDIUM
Businesses:
  • Large and medium business entities: MEDIUM
  • Small business entities: MEDIUM
Home Users: HIGH

TECHNICAL SUMMARY:

A vulnerability has been discovered in Bitdefender Safepay, which could result in remote code execution. This vulnerability can be exploited if a user utilizing Bitdefender Safepay visits, or is redirected to, a specially crafted web service. This vulnerability exists due to insufficient URL sanitization and validation in Safepay Browser (CVE-2020-8102).

Successful exploitation of this vulnerability could allow an attacker to execute commands remotely in the context of the user on the system. Depending on the privileges associated with this application, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. If the current user has been configured to have fewer rights on the system, exploitation of the vulnerability can have less impact than if it was configured with administrative rights.

RECOMMENDATIONS:

We recommend the following actions be taken:

  • Apply the stable channel update provided by Bitdefender to vulnerable systems immediately after appropriate testing.
  • Remind users not to visit untrusted websites or follow links provided by unknown or untrusted sources.
  • Inform and educate users regarding the threats posed by hypertext links contained in emails or attachments, especially from untrusted sources.
  • Apply the Principle of Least Privilege to all systems and services.
