CVE-2023-6154

HIGH

Bitdefender - Code Injection

Title source: llm

Description

A configuration setting issue in seccenter.exe as used in Bitdefender Total Security, Bitdefender Internet Security, Bitdefender Antivirus Plus, Bitdefender Antivirus Free allows an attacker to change the product's expected behavior and potentially load a third-party library upon execution. This issue affects Total Security: 27.0.25.114; Internet Security: 27.0.25.114; Antivirus Plus: 27.0.25.114; Antivirus Free: 27.0.25.114.

References (1)

[Vendor Advisory] https://bitdefender.com/support/security-advisories/local-privilege-escalation-in-bitdefender-total-security-va-11168/

Scores

CVSS v3 7.8

EPSS 0.0004

EPSS Percentile 11.8%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-15 CWE-610

Status published

Products (4)

bitdefender/antivirus 27.0.25.114

bitdefender/antivirus_plus 27.0.25.114

bitdefender/internet_security 27.0.25.114

bitdefender/total_security 27.0.25.114

Published Apr 01, 2024

Tracked Since Feb 18, 2026