CVE-2023-49567 Vulnerability Details


CVE-2023-49567 Metadata Quick Info

CVE Published: 18/10/2024 | CVE Updated: 18/10/2024 | CVE Year: 2023
Source: Bitdefender | Vendor: Bitdefender | Product: Total Security
Status: PUBLISHED

CVE-2023-49567 Description

A vulnerability has been identified in the Bitdefender Total Security HTTPS scanning functionality where the product incorrectly checks the site's certificate, which allows an attacker to make MITM SSL connections to an arbitrary site. The product trusts certificates that are issued using the collision-prone MD5 and SHA1 hash functions, which allow attackers to create rogue certificates that appear legitimate.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-295
CWE Name: CWE-295 Improper Certificate Validation
Source: Bitdefender

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID: CAPEC-485
CAPEC Description: CAPEC-485 Signature Spoofing by Key Recreation


Source: NVD (National Vulnerability Database).