CVE-2023-49567

A vulnerability has been identified in the Bitdefender Total Security HTTPS scanning functionality where the product incorrectly checks the site's certificate, which allows an attacker to make MITM SSL connections to an arbitrary site. The product trusts certificates that are issued using the MD5 and SHA1 collision hash functions which allow attackers to create rogue certificates that appear legitimate.
Configurations

Configuration 1 (hide)

cpe:2.3:a:bitdefender:total_security:*:*:*:*:*:*:*:*

History

22 Oct 2024, 16:00

Type Values Removed Values Added
First Time Bitdefender total Security
Bitdefender
References () https://www.bitdefender.com/support/security-advisories/insecure-trust-of-certificates-using-collision-hash-functions-in-bitdefender-total-security-https-scanning-va-11239/ - () https://www.bitdefender.com/support/security-advisories/insecure-trust-of-certificates-using-collision-hash-functions-in-bitdefender-total-security-https-scanning-va-11239/ - Vendor Advisory
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 6.8
Summary
  • (es) Se ha identificado una vulnerabilidad en la función de análisis HTTPS de Bitdefender Total Security, en la que el producto comprueba incorrectamente el certificado del sitio, lo que permite a un atacante realizar conexiones SSL MITM a un sitio arbitrario. El producto confía en los certificados emitidos mediante las funciones hash de colisión MD5 y SHA1, lo que permite a los atacantes crear certificados falsos que parecen legítimos.
CPE cpe:2.3:a:bitdefender:total_security:*:*:*:*:*:*:*:*

18 Oct 2024, 08:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-10-18 08:15

Updated : 2024-10-22 16:39


NVD link : CVE-2023-49567

Mitre link : CVE-2023-49567

CVE.ORG link : CVE-2023-49567


JSON object : View

Products Affected

bitdefender

  • total_security
CWE
CWE-295

Improper Certificate Validation