CVE-2023-49567

EPSS 0.06%
Published 18.10.2024 08:15:03
Last modified 22.10.2024 16:39:16
Source cve-requests@bitdefender.com
Teams watchlist Login
Open Login

A vulnerability has been identified in the Bitdefender Total Security HTTPS scanning functionality where the product incorrectly checks the site's certificate, which allows an attacker to make MITM SSL connections to an arbitrary site. The product trusts certificates that are issued using the MD5 and SHA1 collision hash functions which allow attackers to create rogue certificates that appear legitimate.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Bitdefender ≫ Total Security Version < 27.0.25.115

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.06%	0.178

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.8	1.6	5.2	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
cve-requests@bitdefender.com	8.6	0	0	CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-295 Improper Certificate Validation

The product does not validate, or incorrectly validates, a certificate.

https://www.bitdefender.com/support/security-advisories/insecure-trust-of-certificates-using-collision-hash-functions-in-bitdefender-total-security-https-scanning-va-11239/

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-49567

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-49567

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-49567

EUVD