A vulnerability has been identified in the HTTPS scanning functionality of Bitdefender Total Security, where the software trusts a certificate issued by an entity that isn't authorized to issue certificates. This occurs when the "Basic Constraints" extension in the certificate indicates that it is meant to be an "End Entity". This flaw could allow an attacker to perform a Man-in-the-Middle (MITM) attack, intercepting and potentially altering communications between the user and the website.
History
Tue, 22 Oct 2024 16:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics | cvssV3_1 |
Fri, 18 Oct 2024 15:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared | Bitdefender, Bitdefender total Security | |
CPEs | cpe:2.3:a:bitdefender:total_security:*:*:*:*:*:*:*:* | |
Vendors & Products | Bitdefender, Bitdefender total Security | |
Metrics | ssvc |
Fri, 18 Oct 2024 08:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | A vulnerability has been identified in Bitdefender Total Security HTTPS scanning functionality where the software trusts a certificate issued by an entity that isn't authorized to issue certificates. This occurs when the "Basic Constraints" extension in the certificate indicates that it is meant to be an "End Entity". This flaw could allow an attacker to perform a Man-in-the-Middle (MITM) attack, intercepting and potentially altering communications between the user and the website. | |
Title | Insecure Trust of Basic Constraints certificate in Bitdefender Total Security HTTPS Scanning (VA-11210) | |
Weaknesses | CWE-295 | |
References | | |
Metrics | cvssV4_0 |
MITRE
Status: PUBLISHED
Assigner: Bitdefender
Published: 2024-10-18T08:07:18.810Z
Updated: 2024-10-18T14:55:36.752Z
Reserved: 2023-11-27T14:21:51.157Z
Link: CVE-2023-49570
Vulnrichment
Updated: 2024-10-18T14:55:29.411Z
NVD
Status: Analyzed
Published: 2024-10-18T09:15:02.770
Modified: 2024-10-22T16:26:47.317
Link: CVE-2023-49570
Redhat
No data.