Back

Local privilege escalation in Bitdefender Total Security (VA-11168)

Publication date: April 1st, 2024

CVE ID:

CVE-2023-6154

CVSS scrore:

7.8 - https://cvss.js.org/#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected vendors:

Bitdefender

Affected products:

Total Security: 27.0.25.114; Internet Security: 27.0.25.114; Antivirus Plus: 27.0.25.114; Antivirus Free: 27.0.25.114

Vulnerability details:

A configuration setting issue in seccenter.exe as used in Bitdefender Total Security, Bitdefender Internet Security, Bitdefender Antivirus Plus, Bitdefender Antivirus Free allows an attacker to change the product’s expected behavior and potentially load a third-party library upon execution.

This issue affects Total Security: 27.0.25.114; Internet Security: 27.0.25.114; Antivirus Plus: 27.0.25.114; Antivirus Free: 27.0.25.114.

Additional details:

An automatic update to version 27.0.25.115 fixes the issue.