CVE-2023-6154

Description

A configuration setting issue in seccenter.exe as used in Bitdefender Total Security, Bitdefender Internet Security, Bitdefender Antivirus Plus, Bitdefender Antivirus Free allows an attacker to change the product's expected behavior and potentially load a third-party library upon execution. This issue affects Total Security: 27.0.25.114; Internet Security: 27.0.25.114; Antivirus Plus: 27.0.25.114; Antivirus Free: 27.0.25.114.

CVSS breakdown

CVSS 3.1

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Affected products

Bitdefender / Antivirus Free27.0.25.114 – 27.0.25.114
Bitdefender / Antivirus Plus27.0.25.114 – 27.0.25.114
Bitdefender / Internet Security27.0.25.114 – 27.0.25.114
Bitdefender / Total Security27.0.25.114 – 27.0.25.114

References

VENDOR_ADVISORYhttps://bitdefender.com/support/security-advisories/local-privilege-escalation-in-bitdefender-total-security-va-11168/