All the vulnerabilities related to Bitdefender - Antivirus Free
cve-2023-6154
Vulnerability from cvelistv5
Published
2024-04-01 10:06
Modified
2024-08-12 18:40
Summary
Local privilege escalation in Bitdefender Total Security (VA-11168)


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T08:21:17.586Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bitdefender.com/support/security-advisories/local-privilege-escalation-in-bitdefender-total-security-va-11168/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:bitdefender:total_security:27.0.25.114:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "total_security",
            "vendor": "bitdefender",
            "versions": [
              {
                "status": "affected",
                "version": "27.0.25.114"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:bitdefender:internet_security:27.0.25.114:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "internet_security",
            "vendor": "bitdefender",
            "versions": [
              {
                "status": "affected",
                "version": "27.0.25.114"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:bitdefender:antivirus_plus:27.0.25.114:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "antivirus_plus",
            "vendor": "bitdefender",
            "versions": [
              {
                "status": "affected",
                "version": "27.0.25.114"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:bitdefender:antivirus:27.0.25.114:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "antivirus",
            "vendor": "bitdefender",
            "versions": [
              {
                "status": "affected",
                "version": "27.0.25.114"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-6154",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-04-02T15:38:45.661553Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-12T18:40:14.131Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Total Security",
          "vendor": "Bitdefender",
          "versions": [
            {
              "status": "affected",
              "version": "27.0.25.114"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Internet Security",
          "vendor": "Bitdefender",
          "versions": [
            {
              "status": "affected",
              "version": "27.0.25.114"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Antivirus Plus",
          "vendor": "Bitdefender",
          "versions": [
            {
              "status": "affected",
              "version": "27.0.25.114"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Antivirus Free",
          "vendor": "Bitdefender",
          "versions": [
            {
              "status": "affected",
              "version": "27.0.25.114"
            }
          ]
        }
      ],
      "datePublic": "2024-04-01T09:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A configuration setting issue in seccenter.exe as used in Bitdefender Total Security, Bitdefender Internet Security, Bitdefender Antivirus Plus, Bitdefender Antivirus Free allows an attacker to change the product\u0027s expected behavior and potentially load a third-party library upon execution. This issue affects Total Security: 27.0.25.114; Internet Security: 27.0.25.114; Antivirus Plus: 27.0.25.114; Antivirus Free: 27.0.25.114."
            }
          ],
          "value": "A configuration setting issue in seccenter.exe as used in Bitdefender Total Security, Bitdefender Internet Security, Bitdefender Antivirus Plus, Bitdefender Antivirus Free allows an attacker to change the product\u0027s expected behavior and potentially load a third-party library upon execution. This issue affects Total Security: 27.0.25.114; Internet Security: 27.0.25.114; Antivirus Plus: 27.0.25.114; Antivirus Free: 27.0.25.114."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-203",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-203 Manipulate Registry Information"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-15",
              "description": "CWE-15: External Control of System or Configuration Setting",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-04-01T10:06:57.864Z",
        "orgId": "b3d5ebe7-963e-41fb-98e1-2edaeabb8f82",
        "shortName": "Bitdefender"
      },
      "references": [
        {
          "url": "https://bitdefender.com/support/security-advisories/local-privilege-escalation-in-bitdefender-total-security-va-11168/"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "An automatic update to version\u0026nbsp;27.0.25.115 fixes the issue."
            }
          ],
          "value": "An automatic update to version\u00a027.0.25.115 fixes the issue."
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Local privilege escalation in Bitdefender Total Security (VA-11168)",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b3d5ebe7-963e-41fb-98e1-2edaeabb8f82",
    "assignerShortName": "Bitdefender",
    "cveId": "CVE-2023-6154",
    "datePublished": "2024-04-01T10:06:57.864Z",
    "dateReserved": "2023-11-15T13:17:52.814Z",
    "dateUpdated": "2024-08-12T18:40:14.131Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-8099
Vulnerability from cvelistv5
Published
2020-04-21 10:40
Modified
2024-09-16 20:58
Summary
Link Resolution Privilege Escalation Vulnerability in Bitdefender Antivirus Free (VA-8387)
Impacted products
Bitdefender Antivirus Free


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T09:48:25.657Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.bitdefender.com/support/security-advisories/link-resolution-privilege-escalation-vulnerability-in-bitdefender-antivirus-free-va-8387/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Antivirus Free",
          "vendor": "Bitdefender",
          "versions": [
            {
              "lessThan": "1.0.17",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Jimmy Bayne"
        }
      ],
      "datePublic": "2020-04-21T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the improper handling of junctions in Bitdefender Antivirus Free can allow an unprivileged user to substitute a quarantined file, and restore it to a privileged location. This issue affects: Bitdefender Antivirus Free versions prior to 1.0.17."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "PHYSICAL",
            "availabilityImpact": "LOW",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-59",
              "description": "CWE-59 Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-04-21T10:40:15",
        "orgId": "b3d5ebe7-963e-41fb-98e1-2edaeabb8f82",
        "shortName": "Bitdefender"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.bitdefender.com/support/security-advisories/link-resolution-privilege-escalation-vulnerability-in-bitdefender-antivirus-free-va-8387/"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "An automated update to version 1.0.17 or higher fixes the issue."
        }
      ],
      "source": {
        "advisory": "VA-8387",
        "discovery": "EXTERNAL"
      },
      "title": "Link Resolution Privilege Escalation Vulnerability in Bitdefender Antivirus Free (VA-8387)",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve-requests@bitdefender.com",
          "DATE_PUBLIC": "2020-04-21T09:00:00.000Z",
          "ID": "CVE-2020-8099",
          "STATE": "PUBLIC",
          "TITLE": "Link Resolution Privilege Escalation Vulnerability in Bitdefender Antivirus Free (VA-8387)"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Antivirus Free",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "1.0.17"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Bitdefender"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Jimmy Bayne"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the improper handling of junctions in Bitdefender Antivirus Free can allow an unprivileged user to substitute a quarantined file, and restore it to a privileged location. This issue affects: Bitdefender Antivirus Free versions prior to 1.0.17."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "PHYSICAL",
            "availabilityImpact": "LOW",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-59 Improper Link Resolution Before File Access (\u0027Link Following\u0027)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.bitdefender.com/support/security-advisories/link-resolution-privilege-escalation-vulnerability-in-bitdefender-antivirus-free-va-8387/",
              "refsource": "MISC",
              "url": "https://www.bitdefender.com/support/security-advisories/link-resolution-privilege-escalation-vulnerability-in-bitdefender-antivirus-free-va-8387/"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "An automated update to version 1.0.17 or higher fixes the issue."
          }
        ],
        "source": {
          "advisory": "VA-8387",
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b3d5ebe7-963e-41fb-98e1-2edaeabb8f82",
    "assignerShortName": "Bitdefender",
    "cveId": "CVE-2020-8099",
    "datePublished": "2020-04-21T10:40:15.465328Z",
    "dateReserved": "2020-01-28T00:00:00",
    "dateUpdated": "2024-09-16T20:58:15.875Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}