The popular cybersecurity technology firm Bitdefender has patched a vulnerability that might lead to privilege escalation in its widely used products, including Internet Security, Antivirus Plus, Total Security, and Antivirus Free.
Privilege escalation can give an attacker access to a target system, allowing them to damage or steal sensitive data, gain root access, install more malicious payloads, and interfere with system functions.
CVE-2023-6154 – Local Privilege Escalation
With a CVSS score of 7.8, this vulnerability is tracked as CVE-2023-6154, indicating a high risk of severity.
In seccenter.exe, a configuration setting problem exists in Bitdefender Antivirus Plus, Bitdefender Antivirus Free, Bitdefender Total Security, and Bitdefender Internet Security.
Trustifi’s Advanced threat protection prevents the widest spectrum of sophisticated attacks before they reach a user’s mailbox. Try Trustifi Free Threat Scan with Sophisticated AI-Powered Email Protection .
This allows an attacker to modify the expected behavior of the product and possibly load a third-party library when it executes.
As a result, this can result in privilege escalation, giving the attacker complete control over the system they are targeting.
“A configuration setting issue in seccenter.exe as used in Bitdefender Total Security, Bitdefender Internet Security, Bitdefender Antivirus Plus, Bitdefender Antivirus Free allows an attacker to change the product’s expected behavior and potentially load a third-party library upon execution,” Bitdefender reports.
Affected Products
- Total Security: 27.0.25.114
- Internet Security: 27.0.25.114
- Antivirus Plus: 27.0.25.114
- Antivirus Free: 27.0.25.114
Fix Released
The issue has been fixed with an automatic update to version 27.0.25.115.
To Update
Update your Bitdefender software to ensure system security. Here are the ways to do so:
- Launch the Bitdefender software.
- Go to the “Update” section.
- Look for available updates, and then install them if needed.
Hence, to avoid this vulnerability, it is advised to apply the patch as soon as feasible.
Stay updated on Cybersecurity news, Whitepapers, and Infographics. Follow us on LinkedIn & Twitter.