A vulnerability has been discovered in Bitdefender Total Security HTTPS scanning functionality that results in the improper trust of certificates issued using the DSA signature algorithm. The product does not properly check the certificate chain, allowing an attacker to establish MITM SSL connections to arbitrary sites using a DSA-signed certificate.
History

Thu, 21 Nov 2024 17:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.3, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N'}

cvssV3_1

{'score': 7.4, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N'}


Tue, 22 Oct 2024 16:15:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:bitdefender:total_security:*:*:*:*:*:*:*:*

Mon, 21 Oct 2024 15:15:00 +0000

Type Values Removed Values Added
First Time appeared Bitdefender
Bitdefender total Security
CPEs cpe:2.3:a:bitdefender:total_security:-:*:*:*:*:*:*:*
Vendors & Products Bitdefender
Bitdefender total Security
Metrics cvssV3_1

{'score': 7.3, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Fri, 18 Oct 2024 07:45:00 +0000

Type Values Removed Values Added
Description A vulnerability has been discovered in Bitdefender Total Security HTTPS scanning functionality that results in the improper trust of certificates issued using the DSA signature algorithm. The product does not properly check the certificate chain, allowing an attacker to establish MITM SSL connections to arbitrary sites using a DSA-signed certificate.
Title Insecure Trust of DSA-Signed Certificates in Bitdefender Total Security HTTPS Scanning (VA-11166)
Weaknesses CWE-295
References
Metrics cvssV4_0

{'score': 8.6, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N'}


MITRE

Status: PUBLISHED

Assigner: Bitdefender

Published: 2024-10-18T07:38:23.788Z

Updated: 2024-11-21T16:25:46.655Z

Reserved: 2023-11-09T14:17:12.339Z

Link: CVE-2023-6057

Vulnrichment

Updated: 2024-10-21T14:54:23.439Z

NVD

Status: Modified

Published: 2024-10-18T08:15:03.627

Modified: 2024-11-21T17:15:08.403

Link: CVE-2023-6057

Redhat

No data.