CVE-2023-6057

EPSS 0.18%
Veröffentlicht 18.10.2024 08:15:03
Zuletzt bearbeitet 21.11.2024 17:15:08
Quelle cve-requests@bitdefender.com
CVE-Watchlists
Login
Unerledigt
Login

A vulnerability has been discovered in Bitdefender Total Security HTTPS scanning functionality that results in the improper trust of certificates issued using the DSA signature algorithm. The product does not properly check the certificate chain, allowing an attacker to establish MITM SSL connections to arbitrary sites using a DSA-signed certificate.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Bitdefender ≫ Total Security Version < 27.0.25.115

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.18%	0.397

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.4	2.2	5.2	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
cve-requests@bitdefender.com	8.6	0	0	CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-295 Improper Certificate Validation

The product does not validate, or incorrectly validates, a certificate.

https://www.bitdefender.com/support/security-advisories/insecure-trust-of-dsa-signed-certificates-in-bitdefender-total-security-https-scanning-va-11166/

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-6057

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-6057

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-6057

EUVD