CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-49570

A vulnerability has been identified in Bitdefender Total Security HTTPS scanning functionality where the software trusts a certificate issued by an entity that isn't authorized to issue certificates. This occurs when the "Basic Constraints" extension in the certificate indicates that it is meant to be an "End Entity”. This flaw could allow an attacker to perform a Man-in-the-Middle (MITM) attack, intercepting and potentially altering communications between the user and the website.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 10.0%

CVSS Severity

CVSS v3 Score 7.4

References

https://www.bitdefender.com/support/security-advisories/insecure-trust-of-basic-constraints-certificate-in-bitdefender-total-security-https-scanning-va-11210/

Products affected by CVE-2023-49570

Bitdefender » Total Security » Version: N/A

cpe:2.3:a:bitdefender:total_security:-
Bitdefender » Total Security » Version: 12.0

cpe:2.3:a:bitdefender:total_security:12.0
Bitdefender » Total Security » Version: 21.0.24.62

cpe:2.3:a:bitdefender:total_security:21.0.24.62
Bitdefender » Total Security » Version: 23.0.24.120

cpe:2.3:a:bitdefender:total_security:23.0.24.120
Bitdefender » Total Security » Version: 24.0.26.136

cpe:2.3:a:bitdefender:total_security:24.0.26.136
Bitdefender » Total Security » Version: 25.0.7.29

cpe:2.3:a:bitdefender:total_security:25.0.7.29
Bitdefender » Total Security » Version: 26.0.10.45

cpe:2.3:a:bitdefender:total_security:26.0.10.45
Bitdefender » Total Security » Version: 26.0.3.29

cpe:2.3:a:bitdefender:total_security:26.0.3.29
Bitdefender » Total Security » Version: 7.2.1.65

cpe:2.3:a:bitdefender:total_security:7.2.1.65

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-49570

Products

Pricing

Contact Us