CVE-2024-11128 — HIGH (7.8)

Q: How severe is CVE-2024-11128?

CVE-2024-11128 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2024-11128?

Check the references section above for vendor advisories and patch information. Affected products include: Bitdefender Virus Scanner.

Vulnerability Description

A vulnerability in the BitdefenderVirusScanner binary as used in Bitdefender Virus Scanner for MacOS may allow .dynamic library injection (DYLD injection) without being blocked by AppleMobileFileIntegrity (AMFI). This issue is caused by the absence of Hardened Runtime or Library Validation signing. This issue affects Bitdefender Virus Scanner versions before 3.18.

CVSS Score

7.8

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Bitdefender	Virus Scanner	< 3.18

Related Weaknesses (CWE)

CWE-269

References

https://www.bitdefender.com/support/security-advisories/insufficient-hardened-ruVendor Advisory

FAQ

What is CVE-2024-11128?

CVE-2024-11128 is a vulnerability with a CVSS score of 7.8 (HIGH). A vulnerability in the BitdefenderVirusScanner binary as used in Bitdefender Virus Scanner for MacOS may allow .dynamic library injection (DYLD injection) without being blocked by AppleMobileFileInteg...

How severe is CVE-2024-11128?

CVE-2024-11128 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-11128?

Check the references section above for vendor advisories and patch information. Affected products include: Bitdefender Virus Scanner.