github - ghsa-4mwg-64w4-5g5m

ghsa-4mwg-64w4-5g5m

Vulnerability from github

Published

2023-12-21 12:30

Modified

2024-01-04 15:30

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:N

Details

Improper validation of the server’s certificate chain in secure traffic scanning feature considered intermediate certificate signed using the MD5 or SHA1 algorithm as trusted.

Show details on source website

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2023-5594"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-12-21T12:15:08Z",
    "severity": "HIGH"
  },
  "details": "Improper validation of the server\u2019s certificate chain in secure traffic scanning feature considered intermediate certificate signed using the MD5 or SHA1 algorithm as trusted.",
  "id": "GHSA-4mwg-64w4-5g5m",
  "modified": "2024-01-04T15:30:21Z",
  "published": "2023-12-21T12:30:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5594"
    },
    {
      "type": "WEB",
      "url": "https://support.eset.com/en/ca8562-eset-customer-advisory-improper-following-of-a-certificates-chain-of-trust-in-eset-security-products-fixed"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

CVE-2023-5594 (GCVE-0-2023-5594)

Vulnerability from cvelistv5

Published

2023-12-21 11:30

Modified

2024-08-02 08:07

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:N

CWE

CWE-295 - Improper Certificate Validation

Summary

Improper validation of the server’s certificate chain in secure traffic scanning feature considered intermediate certificate signed using the MD5 or SHA1 algorithm as trusted.

References

►

URL

Tags

https://support.eset.com/en/ca8562-eset-customer-advisory-improper-following-of-a-certificates-chain-of-trust-in-eset-security-products-fixed

Impacted products

Vendor

Product

Version

►

ESET, spol. s r.o.

ESET NOD32 Antivirus

	ESET, spol. s r.o.	ESET Internet Security
	ESET, spol. s r.o.	ESET Smart Security Premium
	ESET, spol. s r.o.	ESET Security Ultimate
	ESET, spol. s r.o.	ESET Endpoint Antivirus
	ESET, spol. s r.o.	ESET Endpoint Security
	ESET, spol. s r.o.	ESET Endpoint Antivirus for Linux 10.0 and above
	ESET, spol. s r.o.	ESET Server Security for Windows Server
	ESET, spol. s r.o.	ESET Mail Security for Microsoft Exchange Server
	ESET, spol. s r.o.	ESET Mail Security for IBM Domino
	ESET, spol. s r.o.	ESET Security for Microsoft SharePoint Server
	ESET, spol. s r.o.	ESET File Security for Microsoft Azure
	ESET, spol. s r.o.	ESET Server Security for Linux 10.1 and above

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T08:07:32.481Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.eset.com/en/ca8562-eset-customer-advisory-improper-following-of-a-certificates-chain-of-trust-in-eset-security-products-fixed"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "modules": [
            "Internet protection module"
          ],
          "product": "ESET NOD32 Antivirus",
          "vendor": "ESET, spol. s r.o.",
          "versions": [
            {
              "status": "unaffected",
              "version": "1464"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "modules": [
            "Internet protection module"
          ],
          "product": "ESET Internet Security",
          "vendor": "ESET, spol. s r.o.",
          "versions": [
            {
              "status": "unaffected",
              "version": "1464"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "modules": [
            "Internet protection module"
          ],
          "product": "ESET Smart Security Premium",
          "vendor": "ESET, spol. s r.o.",
          "versions": [
            {
              "status": "unaffected",
              "version": "1464"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "modules": [
            "Internet protection module"
          ],
          "product": "ESET Security Ultimate",
          "vendor": "ESET, spol. s r.o.",
          "versions": [
            {
              "status": "unaffected",
              "version": "1464"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "modules": [
            "Internet protection module"
          ],
          "product": "ESET Endpoint Antivirus",
          "vendor": "ESET, spol. s r.o.",
          "versions": [
            {
              "status": "unaffected",
              "version": "1464"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "modules": [
            "Internet protection module"
          ],
          "product": "ESET Endpoint Security",
          "vendor": "ESET, spol. s r.o.",
          "versions": [
            {
              "status": "unaffected",
              "version": "1464"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "modules": [
            "Internet protection module"
          ],
          "product": "ESET Endpoint Antivirus for Linux 10.0 and above",
          "vendor": "ESET, spol. s r.o.",
          "versions": [
            {
              "status": "unaffected",
              "version": "1464"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "modules": [
            "Internet protection module"
          ],
          "product": "ESET Server Security for Windows Server",
          "vendor": "ESET, spol. s r.o.",
          "versions": [
            {
              "status": "unaffected",
              "version": "1464"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "modules": [
            "Internet protection module"
          ],
          "product": "ESET Mail Security for Microsoft Exchange Server",
          "vendor": "ESET, spol. s r.o.",
          "versions": [
            {
              "status": "unaffected",
              "version": "1464"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "modules": [
            "Internet protection module"
          ],
          "product": "ESET Mail Security for IBM Domino",
          "vendor": "ESET, spol. s r.o.",
          "versions": [
            {
              "status": "unaffected",
              "version": "1464"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "modules": [
            "Internet protection module"
          ],
          "product": "ESET Security for Microsoft SharePoint Server",
          "vendor": "ESET, spol. s r.o.",
          "versions": [
            {
              "status": "unaffected",
              "version": "1464"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "modules": [
            "Internet protection module"
          ],
          "product": "ESET File Security for Microsoft Azure",
          "vendor": "ESET, spol. s r.o.",
          "versions": [
            {
              "status": "unaffected",
              "version": "1464"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "modules": [
            "Internet protection module"
          ],
          "product": "ESET Server Security for Linux 10.1 and above ",
          "vendor": "ESET, spol. s r.o.",
          "versions": [
            {
              "status": "unaffected",
              "version": "1464"
            }
          ]
        }
      ],
      "datePublic": "2023-12-20T11:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Improper validation of the server\u2019s certificate chain in secure traffic scanning feature considered intermediate certificate signed using the MD5 or SHA1 algorithm as trusted."
            }
          ],
          "value": "Improper validation of the server\u2019s certificate chain in secure traffic scanning feature considered intermediate certificate signed using the MD5 or SHA1 algorithm as trusted."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-94",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-94 Man in the Middle Attack"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-295",
              "description": "CWE-295 Improper Certificate Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-12-21T11:30:41.256Z",
        "orgId": "4a9b9929-2450-4021-b7b9-469a0255b215",
        "shortName": "ESET"
      },
      "references": [
        {
          "url": "https://support.eset.com/en/ca8562-eset-customer-advisory-improper-following-of-a-certificates-chain-of-trust-in-eset-security-products-fixed"
        }
      ],
      "source": {
        "advisory": "ca8562",
        "discovery": "UNKNOWN"
      },
      "title": "Improper following of a certificate\u0027s chain of trust\u202fin ESET security products",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "4a9b9929-2450-4021-b7b9-469a0255b215",
    "assignerShortName": "ESET",
    "cveId": "CVE-2023-5594",
    "datePublished": "2023-12-21T11:30:41.256Z",
    "dateReserved": "2023-10-16T08:12:50.985Z",
    "dateUpdated": "2024-08-02T08:07:32.481Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Log in or create an account to share your comment.

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.