CVE-2023-6154 HIGH

CVE-2023-6154: Local privilege escalation in Bitdefender Total Security (VA-11168)

Vendor Bitdefender
Product Total Security
Weakness CWE-15
Published April 1, 2024
Last update August 12, 2024

CVSS base score

7.8/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

A configuration setting issue in seccenter.exe as used in Bitdefender Total Security, Bitdefender Internet Security, Bitdefender Antivirus Plus, Bitdefender Antivirus Free allows an attacker to change the product's expected behavior and potentially load a third-party library upon execution. This issue affects Total Security: 27.0.25.114; Internet Security: 27.0.25.114; Antivirus Plus: 27.0.25.114; Antivirus Free: 27.0.25.114.

Key dates

02Disclosure timeline

April 1, 2024 CVE published
August 12, 2024 Record updated