
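    4 vulnerability records found for Antivirus Free by Bitdefender (2 distinct CVEs, CVE-2023-6154 and CVE-2020-8099, each listed once from the nvd source and once from the cvelistv5 source)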

    CVE-2023-6154 (GCVE-0-2023-6154)

    Vulnerability from nvd – Published: 2024-04-01 10:06 – Updated: 2024-08-12 18:40
    Title
    Local privilege escalation in Bitdefender Total Security (VA-11168)
    Summary
    A configuration setting issue in seccenter.exe as used in Bitdefender Total Security, Bitdefender Internet Security, Bitdefender Antivirus Plus, Bitdefender Antivirus Free allows an attacker to change the product's expected behavior and potentially load a third-party library upon execution. This issue affects Total Security: 27.0.25.114; Internet Security: 27.0.25.114; Antivirus Plus: 27.0.25.114; Antivirus Free: 27.0.25.114. (Per the record's solutions field, an automatic update to version 27.0.25.115 fixes the issue.)
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-15 - External Control of System or Configuration Setting
    Assigner
    Impacted products
    Vendor Product Version
    Bitdefender Total Security Affected: 27.0.25.114
    Bitdefender Internet Security Affected: 27.0.25.114
    Bitdefender Antivirus Plus Affected: 27.0.25.114
    Bitdefender Antivirus Free Affected: 27.0.25.114
    bitdefender total_security Affected: 27.0.25.114
        cpe:2.3:a:bitdefender:total_security:27.0.25.114:*:*:*:*:*:*:*
    bitdefender internet_security Affected: 27.0.25.114
        cpe:2.3:a:bitdefender:internet_security:27.0.25.114:*:*:*:*:*:*:*
    bitdefender antivirus_plus Affected: 27.0.25.114
        cpe:2.3:a:bitdefender:antivirus_plus:27.0.25.114:*:*:*:*:*:*:*
    bitdefender antivirus Affected: 27.0.25.114
        cpe:2.3:a:bitdefender:antivirus:27.0.25.114:*:*:*:*:*:*:*
    Date Public
    2024-04-01 09:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T08:21:17.586Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://bitdefender.com/support/security-advisories/local-privilege-escalation-in-bitdefender-total-security-va-11168/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:bitdefender:total_security:27.0.25.114:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "total_security",
                "vendor": "bitdefender",
                "versions": [
                  {
                    "status": "affected",
                    "version": "27.0.25.114"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:bitdefender:internet_security:27.0.25.114:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "internet_security",
                "vendor": "bitdefender",
                "versions": [
                  {
                    "status": "affected",
                    "version": "27.0.25.114"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:bitdefender:antivirus_plus:27.0.25.114:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "antivirus_plus",
                "vendor": "bitdefender",
                "versions": [
                  {
                    "status": "affected",
                    "version": "27.0.25.114"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:bitdefender:antivirus:27.0.25.114:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "antivirus",
                "vendor": "bitdefender",
                "versions": [
                  {
                    "status": "affected",
                    "version": "27.0.25.114"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-6154",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-04-02T15:38:45.661553Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-12T18:40:14.131Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Total Security",
              "vendor": "Bitdefender",
              "versions": [
                {
                  "status": "affected",
                  "version": "27.0.25.114"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Internet Security",
              "vendor": "Bitdefender",
              "versions": [
                {
                  "status": "affected",
                  "version": "27.0.25.114"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Antivirus Plus",
              "vendor": "Bitdefender",
              "versions": [
                {
                  "status": "affected",
                  "version": "27.0.25.114"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Antivirus Free",
              "vendor": "Bitdefender",
              "versions": [
                {
                  "status": "affected",
                  "version": "27.0.25.114"
                }
              ]
            }
          ],
          "datePublic": "2024-04-01T09:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A configuration setting issue in seccenter.exe as used in Bitdefender Total Security, Bitdefender Internet Security, Bitdefender Antivirus Plus, Bitdefender Antivirus Free allows an attacker to change the product\u0027s expected behavior and potentially load a third-party library upon execution. This issue affects Total Security: 27.0.25.114; Internet Security: 27.0.25.114; Antivirus Plus: 27.0.25.114; Antivirus Free: 27.0.25.114."
                }
              ],
              "value": "A configuration setting issue in seccenter.exe as used in Bitdefender Total Security, Bitdefender Internet Security, Bitdefender Antivirus Plus, Bitdefender Antivirus Free allows an attacker to change the product\u0027s expected behavior and potentially load a third-party library upon execution. This issue affects Total Security: 27.0.25.114; Internet Security: 27.0.25.114; Antivirus Plus: 27.0.25.114; Antivirus Free: 27.0.25.114."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-203",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-203 Manipulate Registry Information"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-15",
                  "description": "CWE-15: External Control of System or Configuration Setting",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-04-01T10:06:57.864Z",
            "orgId": "b3d5ebe7-963e-41fb-98e1-2edaeabb8f82",
            "shortName": "Bitdefender"
          },
          "references": [
            {
              "url": "https://bitdefender.com/support/security-advisories/local-privilege-escalation-in-bitdefender-total-security-va-11168/"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An automatic update to version\u0026nbsp;27.0.25.115 fixes the issue."
                }
              ],
              "value": "An automatic update to version\u00a027.0.25.115 fixes the issue."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Local privilege escalation in Bitdefender Total Security (VA-11168)",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b3d5ebe7-963e-41fb-98e1-2edaeabb8f82",
        "assignerShortName": "Bitdefender",
        "cveId": "CVE-2023-6154",
        "datePublished": "2024-04-01T10:06:57.864Z",
        "dateReserved": "2023-11-15T13:17:52.814Z",
        "dateUpdated": "2024-08-12T18:40:14.131Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-8099 (GCVE-0-2020-8099)

    Vulnerability from nvd – Published: 2020-04-21 10:40 – Updated: 2024-09-16 20:58
    Title
    Link Resolution Privilege Escalation Vulnerability in Bitdefender Antivirus Free (VA-8387)
    Summary
    A vulnerability in the improper handling of junctions in Bitdefender Antivirus Free can allow an unprivileged user to substitute a quarantined file, and restore it to a privileged location. This issue affects: Bitdefender Antivirus Free versions prior to 1.0.17.
    CWE
    • CWE-59 - Improper Link Resolution Before File Access ('Link Following')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Bitdefender Antivirus Free Affected: unspecified, < 1.0.17 (custom)
    Date Public
    2020-04-21 00:00
    Credits
    Jimmy Bayne

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T09:48:25.657Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.bitdefender.com/support/security-advisories/link-resolution-privilege-escalation-vulnerability-in-bitdefender-antivirus-free-va-8387/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Antivirus Free",
              "vendor": "Bitdefender",
              "versions": [
                {
                  "lessThan": "1.0.17",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Jimmy Bayne"
            }
          ],
          "datePublic": "2020-04-21T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the improper handling of junctions in Bitdefender Antivirus Free can allow an unprivileged user to substitute a quarantined file, and restore it to a privileged location. This issue affects: Bitdefender Antivirus Free versions prior to 1.0.17."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "LOW",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-59",
                  "description": "CWE-59 Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-04-21T10:40:15.000Z",
            "orgId": "b3d5ebe7-963e-41fb-98e1-2edaeabb8f82",
            "shortName": "Bitdefender"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.bitdefender.com/support/security-advisories/link-resolution-privilege-escalation-vulnerability-in-bitdefender-antivirus-free-va-8387/"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "An automated update to version 1.0.17 or higher fixes the issue."
            }
          ],
          "source": {
            "advisory": "VA-8387",
            "discovery": "EXTERNAL"
          },
          "title": "Link Resolution Privilege Escalation Vulnerability in Bitdefender Antivirus Free (VA-8387)",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve-requests@bitdefender.com",
              "DATE_PUBLIC": "2020-04-21T09:00:00.000Z",
              "ID": "CVE-2020-8099",
              "STATE": "PUBLIC",
              "TITLE": "Link Resolution Privilege Escalation Vulnerability in Bitdefender Antivirus Free (VA-8387)"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Antivirus Free",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "1.0.17"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Bitdefender"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Jimmy Bayne"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A vulnerability in the improper handling of junctions in Bitdefender Antivirus Free can allow an unprivileged user to substitute a quarantined file, and restore it to a privileged location. This issue affects: Bitdefender Antivirus Free versions prior to 1.0.17."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "LOW",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-59 Improper Link Resolution Before File Access (\u0027Link Following\u0027)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.bitdefender.com/support/security-advisories/link-resolution-privilege-escalation-vulnerability-in-bitdefender-antivirus-free-va-8387/",
                  "refsource": "MISC",
                  "url": "https://www.bitdefender.com/support/security-advisories/link-resolution-privilege-escalation-vulnerability-in-bitdefender-antivirus-free-va-8387/"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "An automated update to version 1.0.17 or higher fixes the issue."
              }
            ],
            "source": {
              "advisory": "VA-8387",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b3d5ebe7-963e-41fb-98e1-2edaeabb8f82",
        "assignerShortName": "Bitdefender",
        "cveId": "CVE-2020-8099",
        "datePublished": "2020-04-21T10:40:15.465Z",
        "dateReserved": "2020-01-28T00:00:00.000Z",
        "dateUpdated": "2024-09-16T20:58:15.875Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-6154 (GCVE-0-2023-6154)

    Vulnerability from cvelistv5 – Published: 2024-04-01 10:06 – Updated: 2024-08-12 18:40
    Title
    Local privilege escalation in Bitdefender Total Security (VA-11168)
    Summary
    A configuration setting issue in seccenter.exe as used in Bitdefender Total Security, Bitdefender Internet Security, Bitdefender Antivirus Plus, Bitdefender Antivirus Free allows an attacker to change the product's expected behavior and potentially load a third-party library upon execution. This issue affects Total Security: 27.0.25.114; Internet Security: 27.0.25.114; Antivirus Plus: 27.0.25.114; Antivirus Free: 27.0.25.114. (Per the record's solutions field, an automatic update to version 27.0.25.115 fixes the issue.)
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-15 - External Control of System or Configuration Setting
    Assigner
    Impacted products
    Vendor Product Version
    Bitdefender Total Security Affected: 27.0.25.114
    Bitdefender Internet Security Affected: 27.0.25.114
    Bitdefender Antivirus Plus Affected: 27.0.25.114
    Bitdefender Antivirus Free Affected: 27.0.25.114
    bitdefender total_security Affected: 27.0.25.114
        cpe:2.3:a:bitdefender:total_security:27.0.25.114:*:*:*:*:*:*:*
    bitdefender internet_security Affected: 27.0.25.114
        cpe:2.3:a:bitdefender:internet_security:27.0.25.114:*:*:*:*:*:*:*
    bitdefender antivirus_plus Affected: 27.0.25.114
        cpe:2.3:a:bitdefender:antivirus_plus:27.0.25.114:*:*:*:*:*:*:*
    bitdefender antivirus Affected: 27.0.25.114
        cpe:2.3:a:bitdefender:antivirus:27.0.25.114:*:*:*:*:*:*:*
    Date Public
    2024-04-01 09:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T08:21:17.586Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://bitdefender.com/support/security-advisories/local-privilege-escalation-in-bitdefender-total-security-va-11168/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:bitdefender:total_security:27.0.25.114:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "total_security",
                "vendor": "bitdefender",
                "versions": [
                  {
                    "status": "affected",
                    "version": "27.0.25.114"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:bitdefender:internet_security:27.0.25.114:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "internet_security",
                "vendor": "bitdefender",
                "versions": [
                  {
                    "status": "affected",
                    "version": "27.0.25.114"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:bitdefender:antivirus_plus:27.0.25.114:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "antivirus_plus",
                "vendor": "bitdefender",
                "versions": [
                  {
                    "status": "affected",
                    "version": "27.0.25.114"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:bitdefender:antivirus:27.0.25.114:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "antivirus",
                "vendor": "bitdefender",
                "versions": [
                  {
                    "status": "affected",
                    "version": "27.0.25.114"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-6154",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-04-02T15:38:45.661553Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-12T18:40:14.131Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Total Security",
              "vendor": "Bitdefender",
              "versions": [
                {
                  "status": "affected",
                  "version": "27.0.25.114"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Internet Security",
              "vendor": "Bitdefender",
              "versions": [
                {
                  "status": "affected",
                  "version": "27.0.25.114"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Antivirus Plus",
              "vendor": "Bitdefender",
              "versions": [
                {
                  "status": "affected",
                  "version": "27.0.25.114"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Antivirus Free",
              "vendor": "Bitdefender",
              "versions": [
                {
                  "status": "affected",
                  "version": "27.0.25.114"
                }
              ]
            }
          ],
          "datePublic": "2024-04-01T09:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A configuration setting issue in seccenter.exe as used in Bitdefender Total Security, Bitdefender Internet Security, Bitdefender Antivirus Plus, Bitdefender Antivirus Free allows an attacker to change the product\u0027s expected behavior and potentially load a third-party library upon execution. This issue affects Total Security: 27.0.25.114; Internet Security: 27.0.25.114; Antivirus Plus: 27.0.25.114; Antivirus Free: 27.0.25.114."
                }
              ],
              "value": "A configuration setting issue in seccenter.exe as used in Bitdefender Total Security, Bitdefender Internet Security, Bitdefender Antivirus Plus, Bitdefender Antivirus Free allows an attacker to change the product\u0027s expected behavior and potentially load a third-party library upon execution. This issue affects Total Security: 27.0.25.114; Internet Security: 27.0.25.114; Antivirus Plus: 27.0.25.114; Antivirus Free: 27.0.25.114."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-203",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-203 Manipulate Registry Information"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-15",
                  "description": "CWE-15: External Control of System or Configuration Setting",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-04-01T10:06:57.864Z",
            "orgId": "b3d5ebe7-963e-41fb-98e1-2edaeabb8f82",
            "shortName": "Bitdefender"
          },
          "references": [
            {
              "url": "https://bitdefender.com/support/security-advisories/local-privilege-escalation-in-bitdefender-total-security-va-11168/"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An automatic update to version\u0026nbsp;27.0.25.115 fixes the issue."
                }
              ],
              "value": "An automatic update to version\u00a027.0.25.115 fixes the issue."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Local privilege escalation in Bitdefender Total Security (VA-11168)",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b3d5ebe7-963e-41fb-98e1-2edaeabb8f82",
        "assignerShortName": "Bitdefender",
        "cveId": "CVE-2023-6154",
        "datePublished": "2024-04-01T10:06:57.864Z",
        "dateReserved": "2023-11-15T13:17:52.814Z",
        "dateUpdated": "2024-08-12T18:40:14.131Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-8099 (GCVE-0-2020-8099)

    Vulnerability from cvelistv5 – Published: 2020-04-21 10:40 – Updated: 2024-09-16 20:58
    Title
    Link Resolution Privilege Escalation Vulnerability in Bitdefender Antivirus Free (VA-8387)
    Summary
    A vulnerability in the improper handling of junctions in Bitdefender Antivirus Free can allow an unprivileged user to substitute a quarantined file, and restore it to a privileged location. This issue affects: Bitdefender Antivirus Free versions prior to 1.0.17.
    CWE
    • CWE-59 - Improper Link Resolution Before File Access ('Link Following')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Bitdefender Antivirus Free Affected: unspecified, < 1.0.17 (custom)
    Date Public
    2020-04-21 00:00
    Credits
    Jimmy Bayne

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T09:48:25.657Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.bitdefender.com/support/security-advisories/link-resolution-privilege-escalation-vulnerability-in-bitdefender-antivirus-free-va-8387/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Antivirus Free",
              "vendor": "Bitdefender",
              "versions": [
                {
                  "lessThan": "1.0.17",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Jimmy Bayne"
            }
          ],
          "datePublic": "2020-04-21T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the improper handling of junctions in Bitdefender Antivirus Free can allow an unprivileged user to substitute a quarantined file, and restore it to a privileged location. This issue affects: Bitdefender Antivirus Free versions prior to 1.0.17."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "LOW",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-59",
                  "description": "CWE-59 Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-04-21T10:40:15.000Z",
            "orgId": "b3d5ebe7-963e-41fb-98e1-2edaeabb8f82",
            "shortName": "Bitdefender"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.bitdefender.com/support/security-advisories/link-resolution-privilege-escalation-vulnerability-in-bitdefender-antivirus-free-va-8387/"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "An automated update to version 1.0.17 or higher fixes the issue."
            }
          ],
          "source": {
            "advisory": "VA-8387",
            "discovery": "EXTERNAL"
          },
          "title": "Link Resolution Privilege Escalation Vulnerability in Bitdefender Antivirus Free (VA-8387)",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve-requests@bitdefender.com",
              "DATE_PUBLIC": "2020-04-21T09:00:00.000Z",
              "ID": "CVE-2020-8099",
              "STATE": "PUBLIC",
              "TITLE": "Link Resolution Privilege Escalation Vulnerability in Bitdefender Antivirus Free (VA-8387)"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Antivirus Free",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "1.0.17"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Bitdefender"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Jimmy Bayne"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A vulnerability in the improper handling of junctions in Bitdefender Antivirus Free can allow an unprivileged user to substitute a quarantined file, and restore it to a privileged location. This issue affects: Bitdefender Antivirus Free versions prior to 1.0.17."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "LOW",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-59 Improper Link Resolution Before File Access (\u0027Link Following\u0027)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.bitdefender.com/support/security-advisories/link-resolution-privilege-escalation-vulnerability-in-bitdefender-antivirus-free-va-8387/",
                  "refsource": "MISC",
                  "url": "https://www.bitdefender.com/support/security-advisories/link-resolution-privilege-escalation-vulnerability-in-bitdefender-antivirus-free-va-8387/"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "An automated update to version 1.0.17 or higher fixes the issue."
              }
            ],
            "source": {
              "advisory": "VA-8387",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b3d5ebe7-963e-41fb-98e1-2edaeabb8f82",
        "assignerShortName": "Bitdefender",
        "cveId": "CVE-2020-8099",
        "datePublished": "2020-04-21T10:40:15.465Z",
        "dateReserved": "2020-01-28T00:00:00.000Z",
        "dateUpdated": "2024-09-16T20:58:15.875Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }