Configuration Setting Issue Allows Attacker to Load Third-Party Library
CVE-2023-6154

7.8HIGH

Key Information:

Vendor: Bitdefender
Status: Total Security; Internet Security; Antivirus Plus; Antivirus Free
Vendor: CVE Published:; 1 April 2024

🔔 Create Bitdefender Vulnerability Alert

Badges

📰 News Worthy

What is CVE-2023-6154?

A configuration issue in seccenter.exe used by multiple Bitdefender products allows attackers to manipulate the software's behavior, potentially enabling the execution of unauthorized third-party libraries. This vulnerability creates a risk for users by undermining the integrity of the security features and placing sensitive systems at risk. Affected versions include Bitdefender Total Security, Internet Security, Antivirus Plus, and Antivirus Free all on version 27.0.25.114, highlighting the critical need for users to ensure their software is updated and protected against exploitation.

Affected Version(s)

Antivirus Free 27.0.25.114

Antivirus Plus 27.0.25.114

Internet Security 27.0.25.114

News Articles

CybersecurityNews

CVE-2023-6154

Bitdefender Security Privilege Escalation Vulnerability - Patch Now

The popular cybersecurity technology firm Bitdefender has patched a vulnerability that might lead to privilege escalation in its widely used %

References

https://bitdefender.com/support/security-advisories/local...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

📰
First article discovered by CybersecurityNews
Apr 2, 2024
Vulnerability published
Apr 1, 2024