CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-49567

A vulnerability has been identified in the Bitdefender Total Security HTTPS scanning functionality where the product incorrectly checks the site's certificate, which allows an attacker to make MITM SSL connections to an arbitrary site. The product trusts certificates that are issued using the MD5 and SHA1 collision hash functions which allow attackers to create rogue certificates that appear legitimate.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 10.0%

CVSS Severity

CVSS v3 Score 6.8

References

https://www.bitdefender.com/support/security-advisories/insecure-trust-of-certificates-using-collision-hash-functions-in-bitdefender-total-security-https-scanning-va-11239/

Products affected by CVE-2023-49567

Bitdefender » Total Security » Version: N/A

cpe:2.3:a:bitdefender:total_security:-
Bitdefender » Total Security » Version: 12.0

cpe:2.3:a:bitdefender:total_security:12.0
Bitdefender » Total Security » Version: 21.0.24.62

cpe:2.3:a:bitdefender:total_security:21.0.24.62
Bitdefender » Total Security » Version: 23.0.24.120

cpe:2.3:a:bitdefender:total_security:23.0.24.120
Bitdefender » Total Security » Version: 24.0.26.136

cpe:2.3:a:bitdefender:total_security:24.0.26.136
Bitdefender » Total Security » Version: 25.0.7.29

cpe:2.3:a:bitdefender:total_security:25.0.7.29
Bitdefender » Total Security » Version: 26.0.10.45

cpe:2.3:a:bitdefender:total_security:26.0.10.45
Bitdefender » Total Security » Version: 26.0.3.29

cpe:2.3:a:bitdefender:total_security:26.0.3.29
Bitdefender » Total Security » Version: 7.2.1.65

cpe:2.3:a:bitdefender:total_security:7.2.1.65

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-49567

Products

Pricing

Contact Us