CVE-2023-6057

HIGH

7.4

Descripcion

A vulnerability has been discovered in Bitdefender Total Security HTTPS scanning functionality that results in the improper trust of certificates issued using the DSA signature algorithm. The product does not properly check the certificate chain, allowing an attacker to establish MITM SSL connections to arbitrary sites using a DSA-signed certificate.

Detalles CVE

Puntuacion CVSS v3.17.4

SeveridadHIGH

Vector CVSSCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Vector de ataqueNETWORK

ComplejidadHIGH

Privilegios requeridosNONE

Interaccion usuarioNONE

Publicado10/18/2024

Ultima modificacion11/21/2024

Fuentenvd

Avistamientos honeypot0

Productos afectados

bitdefender:total_security

Debilidades (CWE)

CWE-295

Referencias

https://www.bitdefender.com/support/security-advisories/insecure-trust-of-dsa-signed-certificates-in-bitdefender-total-security-https-scanning-va-11166/(cve-requests@bitdefender.com)

Correlaciones IOC

Sin correlaciones registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.