PT-2018-17391 · Bitdefender · Bitdefender Total Security

Filipe Xavier Oliveira

Published

2018-03-12

Updated

2019-10-03

CVE-2018-6183

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions BitDefender Total Security version 2018

Description The issue allows local users to gain privileges or cause a denial of service by impersonating all the pipes through the use of an insecurely created named pipe, ensuring full access to the Everyone users group.

Recommendations For BitDefender Total Security version 2018, consider restricting access to the named pipe until a patch is available. As a temporary workaround, ensure that the system's access control is properly configured to limit the damage from potential exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2018-6183

Affected Products

Bitdefender Total Security

PT-2018-17391 · Bitdefender · Bitdefender Total Security

CVE-2018-6183

Related Identifiers

Affected Products

References · 3