Bitdefender Releases Critical Security Updates - 20240802001 (#924)

* Bitdefender Releases Critical Security Updates - 20240802001 * updates * Update 20240802001 Minor wording changes --------- Co-authored-by: JadonWill <[email protected]>
wagov · Aug 2, 2024 · 2df7947 · 2df7947
1 parent 5b32810
commit 2df7947
Showing 1 changed file with 24 additions and 0 deletions.
diff --git a/docs/advisories/20240802001-Bitdefender-Releases-Critical-Security-Updates.md b/docs/advisories/20240802001-Bitdefender-Releases-Critical-Security-Updates.md
@@ -0,0 +1,24 @@
+# Bitdefender Releases Critical Security Updates - 20240802001
+
+## Overview
+Bitdefender has released an update to fix a critical vulnerability in GravityZone Update Server product.
+
+## What is vulnerable?
+
+| Product(s) Affected | Version(s) | CVE           | CVSS          | Severity        |
+| --------------- | ---------- | ------------------- | ------------- | --------------------- |
+| GravityZone Console   | Versions before 6.38.1-5 running only on premise | [CVE-2024-6980](https://nvd.nist.gov/vuln/detail/CVE-2024-6980)   | 9.2     | **Critical**   |
+
+## What has been observed?
+
+There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing.
+
+## Recommendation
+
+The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of *one month...* (refer [Patch Management](../guidelines/patch-management.md)):
+
+- Bitdefender Advisory: <https://www.bitdefender.com/support/security-advisories/verbose-error-handling-in-gravityzone-update-server-proxy-service/>
+
+## Additional References
+
+- SecurityOnline article: <https://securityonline.info/bitdefender-patches-critical-vulnerability-in-gravityzone-update-server/>