CVE-2023-6058 Vulnerability Details

CVE-2023-6058 Metadata Quick Info

CVE Published: 18/10/2024 | CVE Updated: 18/10/2024 | CVE Year: 2023
Source: Bitdefender | Vendor: Bitdefender | Product: Total Security
Status: PUBLISHED

CVE-2023-6058 Description

A vulnerability has been identified in Bitdefender Safepay's handling of HTTPS connections. The issue arises when the product blocks a connection due to an untrusted server certificate but allows the user to add the site to exceptions, resulting in the product trusting the certificate for subsequent HTTPS scans. This vulnerability allows an attacker to perform a Man-in-the-Middle (MITM) attack by using a self-signed certificate, which the product will trust after the site has been added to exceptions. This can lead to the interception and potential alteration of secure communications.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-295
CWE Name: CWE-295 Improper Certificate Validation
Source: Bitdefender

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID: CAPEC-94
CAPEC Description: CAPEC-94 Adversary in the Middle (AiTM)


Source: NVD (National Vulnerability Database).