exploitDog

CVE-2023-49567

Опубликовано: 18 окт. 2024

Источник: nvd

CVSS3: 6.8

EPSS Низкий

Описание

A vulnerability has been identified in the Bitdefender Total Security HTTPS scanning functionality where the product incorrectly checks the site's certificate, which allows an attacker to make MITM SSL connections to an arbitrary site. The product trusts certificates that are issued using the MD5 and SHA1 collision hash functions which allow attackers to create rogue certificates that appear legitimate.

Ссылки

https://www.bitdefender.com/support/security-advisories/insecure-trust-of-certificates-using-collision-hash-functions-in-bitdefender-total-security-https-scanning-va-11239/
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:bitdefender:total_security:*:*:*:*:*:*:*:*

Версия до 27.0.25.115 (исключая)

EPSS

Процентиль: 38%

0.00163

Низкий

6.8 Medium

CVSS3

Дефекты

CWE-295

Связанные уязвимости

GHSA-f28x-wgjx-v8hh

CVSS3: 6.8

github

больше 1 года назад

A vulnerability has been identified in the Bitdefender Total Security HTTPS scanning functionality where the product incorrectly checks the site's certificate, which allows an attacker to make MITM SSL connections to an arbitrary site. The product trusts certificates that are issued using the MD5 and SHA1 collision hash functions which allow attackers to create rogue certificates that appear legitimate.

EPSS

Процентиль: 38%

0.00163

Низкий

6.8 Medium

CVSS3

Дефекты

CWE-295