CVE-2023-6154 Vulnerability Details

  /     /     /  

CVE-2023-6154 Metadata Quick Info

CVE Published: 01/04/2024 | CVE Updated: 12/08/2024 | CVE Year: 2023
Source: Bitdefender | Vendor: Bitdefender | Product: Total Security
Status : PUBLISHED

---

CVE-2023-6154 Description

A configuration setting issue in seccenter.exe as used in Bitdefender Total Security, Bitdefender Internet Security, Bitdefender Antivirus Plus, Bitdefender Antivirus Free allows an attacker to change the product\'s expected behavior and potentially load a third-party library upon execution. This issue affects Total Security: 27.0.25.114; Internet Security: 27.0.25.114; Antivirus Plus: 27.0.25.114; Antivirus Free: 27.0.25.114.

Metrics

CVSS Version: 3.1 | Base Score: 7.8 HIGH
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

l➤ Exploitability Metrics:
    Attack Vector (AV)* LOCAL
    Attack Complexity (AC)* LOW
    Privileges Required (PR)* LOW
    User Interaction (UI)* NONE
    Scope (S)* UNCHANGED

l➤ Impact Metrics:
    Confidentiality Impact (C)* HIGH
    Integrity Impact (I)* HIGH
    Availability Impact (A)* HIGH

Weakness Enumeration (CWE)

CWE-ID: CWE-15
CWE Name: CWE-15: External Control of System or Configuration Setting
Source: Bitdefender

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID: CAPEC-203
CAPEC Description: CAPEC-203 Manipulate Registry Information


Source: NVD (National Vulnerability Database).