CVE-2024-11128

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://www.bitdefender.com/support/security-advisories/insufficient-hardened-runtime-or-library-validation-signing-in-bitdefender-virus-scanner-for-macos/", "name": "https://www.bitdefender.com/support/security-advisories/insufficient-hardened-runtime-or-library-validation-signing-in-bitdefender-virus-scanner-for-macos/", "tags": ["Vendor Advisory"], "refsource": ""}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "A vulnerability in the BitdefenderVirusScanner binary as used in\u00a0Bitdefender Virus Scanner for MacOS may allow .dynamic library injection\u00a0(DYLD injection) without being blocked by AppleMobileFileIntegrity (AMFI). This issue is caused by the absence of Hardened Runtime or Library Validation signing. This issue affects Bitdefender Virus Scanner versions before 3.18."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2024-11128", "ASSIGNER": "cve-requests@bitdefender.com"}}, "impact": {"baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}}, "publishedDate": "2025-01-13T22:15Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:bitdefender:virus_scanner:*:*:*:*:*:macos:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "3.18"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2025-02-11T21:38Z"}