CVE-2023-6154

Local privilege escalation in Bitdefender Total Security (VA-11168)

Severity Score: 7.8 (CVSS v3.1)
Exploit Likelihood (EPSS):
Affected Versions (CPE):
Public Exploits: 0 (Multiple Sources)
Exploited in Wild: - (KEV)
Decision: Track* (SSVC)

Descriptions

A configuration setting issue in seccenter.exe as used in Bitdefender Total Security, Bitdefender Internet Security, Bitdefender Antivirus Plus, Bitdefender Antivirus Free allows an attacker to change the product's expected behavior and potentially load a third-party library upon execution. This issue affects Total Security: 27.0.25.114; Internet Security: 27.0.25.114; Antivirus Plus: 27.0.25.114; Antivirus Free: 27.0.25.114.

*Credits: N/A
CVSS Scores
  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality: High
  • Integrity: High
  • Availability: High
* Common Vulnerability Scoring System
SSVC
  • Decision: Track*
  • Exploitation: None
  • Automatable: No
  • Tech. Impact: Total
* Organization's Worst-case Scenario
Timeline
  • 2023-11-15 CVE Reserved
  • 2024-04-01 CVE Published
  • 2024-04-02 EPSS Updated
  • 2024-08-12 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-15: External Control of System or Configuration Setting
CAPEC
  • CAPEC-203: Manipulate Registry Information
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status |
|---|---|---|---|---|
| Bitdefender | Total Security | 27.0.25.114 | en | Affected |
| Bitdefender | Internet Security | 27.0.25.114 | en | Affected |
| Bitdefender | Antivirus Plus | 27.0.25.114 | en | Affected |
| Bitdefender | Antivirus Free | 27.0.25.114 | en | Affected |