CVE-2023-6154: Local privilege escalation in Bitdefender Total Security (VA-11168)
First published: Mon Apr 01 2024(Updated: )
A configuration setting issue in seccenter.exe as used in Bitdefender Total Security, Bitdefender Internet Security, Bitdefender Antivirus Plus, Bitdefender Antivirus Free allows an attacker to change the product's expected behavior and potentially load a third-party library upon execution. This issue affects Total Security: 27.0.25.114; Internet Security: 27.0.25.114; Antivirus Plus: 27.0.25.114; Antivirus Free: 27.0.25.114.
Credit: cve-requests@bitdefender.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Bitdefender Total Security 2020 | ||
| Bitdefender Internet Security | ||
| Bitdefender Antivirus Plus | ||
| Bitdefender Antivirus Free | ||
| Bitdefender Antivirus for macOS | =27.0.25.114 | |
| Bitdefender Antivirus Plus | =27.0.25.114 | |
| Bitdefender Internet Security | =27.0.25.114 | |
| Bitdefender Total Security 2020 | =27.0.25.114 |
Remedy
An automatic update to version 27.0.25.115 fixes the issue.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2023-6154?
CVE-2023-6154 has been rated as a high severity vulnerability due to its potential to allow the execution of malicious code.
How can I mitigate CVE-2023-6154?
To mitigate CVE-2023-6154, ensure that your Bitdefender software is updated to the latest version, as patches may address the configurations that allow the vulnerability to be exploited.
What products are affected by CVE-2023-6154?
CVE-2023-6154 affects Bitdefender Total Security, Bitdefender Internet Security, Bitdefender Antivirus Plus, and Bitdefender Antivirus Free.
What impact does CVE-2023-6154 have on my system?
CVE-2023-6154 can potentially allow an attacker to alter the expected behavior of the affected software, which may lead to unauthorized actions on the system.
Is there a fix available for CVE-2023-6154?
Yes, a fix for CVE-2023-6154 is available through the latest updates from Bitdefender for the affected products.
- agent/references
- agent/title
- agent/remedy
- agent/type
- agent/first-publish-date
- agent/description
- agent/severity
- agent/author
- collector/mitre-cve
- source/MITRE
- agent/source
- agent/last-modified-date
- agent/weakness
- agent/event
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-api
- source/NVD
- vendor/bitdefender
- canonical/bitdefender total security 2020
- canonical/bitdefender internet security
- canonical/bitdefender antivirus plus
- canonical/bitdefender antivirus free
- canonical/bitdefender antivirus for macos
- version/bitdefender antivirus for macos/27.0.25.114
- version/bitdefender antivirus plus/27.0.25.114
- version/bitdefender internet security/27.0.25.114
- version/bitdefender total security 2020/27.0.25.114