Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2023-5594
PUBLISHED
More InfoOfficial Page
Assigner-ESET
Assigner Org ID-4a9b9929-2450-4021-b7b9-469a0255b215
View Known Exploited Vulnerability (KEV) details
Published At-21 Dec, 2023 | 11:30
Updated At-02 Aug, 2024 | 08:07
Rejected At-
▼CVE Numbering Authority (CNA)
Improper following of a certificate's chain of trust in ESET security products

Improper validation of the server’s certificate chain in secure traffic scanning feature considered intermediate certificate signed using the MD5 or SHA1 algorithm as trusted.

Affected Products
Vendor
ESET, spol. s r. o.ESET, spol. s r.o.
Product
ESET NOD32 Antivirus
Modules
  • Internet protection module
Default Status
unaffected
Versions
Unaffected
  • 1464
Vendor
ESET, spol. s r. o.ESET, spol. s r.o.
Product
ESET Internet Security
Modules
  • Internet protection module
Default Status
unaffected
Versions
Unaffected
  • 1464
Vendor
ESET, spol. s r. o.ESET, spol. s r.o.
Product
ESET Smart Security Premium
Modules
  • Internet protection module
Default Status
unaffected
Versions
Unaffected
  • 1464
Vendor
ESET, spol. s r. o.ESET, spol. s r.o.
Product
ESET Security Ultimate
Modules
  • Internet protection module
Default Status
unaffected
Versions
Unaffected
  • 1464
Vendor
ESET, spol. s r. o.ESET, spol. s r.o.
Product
ESET Endpoint Antivirus
Modules
  • Internet protection module
Default Status
unaffected
Versions
Unaffected
  • 1464
Vendor
ESET, spol. s r. o.ESET, spol. s r.o.
Product
ESET Endpoint Security
Modules
  • Internet protection module
Default Status
unaffected
Versions
Unaffected
  • 1464
Vendor
ESET, spol. s r. o.ESET, spol. s r.o.
Product
ESET Endpoint Antivirus for Linux 10.0 and above
Modules
  • Internet protection module
Default Status
unaffected
Versions
Unaffected
  • 1464
Vendor
ESET, spol. s r. o.ESET, spol. s r.o.
Product
ESET Server Security for Windows Server
Modules
  • Internet protection module
Default Status
unaffected
Versions
Unaffected
  • 1464
Vendor
ESET, spol. s r. o.ESET, spol. s r.o.
Product
ESET Mail Security for Microsoft Exchange Server
Modules
  • Internet protection module
Default Status
unaffected
Versions
Unaffected
  • 1464
Vendor
ESET, spol. s r. o.ESET, spol. s r.o.
Product
ESET Mail Security for IBM Domino
Modules
  • Internet protection module
Default Status
unaffected
Versions
Unaffected
  • 1464
Vendor
ESET, spol. s r. o.ESET, spol. s r.o.
Product
ESET Security for Microsoft SharePoint Server
Modules
  • Internet protection module
Default Status
unaffected
Versions
Unaffected
  • 1464
Vendor
ESET, spol. s r. o.ESET, spol. s r.o.
Product
ESET File Security for Microsoft Azure
Modules
  • Internet protection module
Default Status
unaffected
Versions
Unaffected
  • 1464
Vendor
ESET, spol. s r. o.ESET, spol. s r.o.
Product
ESET Server Security for Linux 10.1 and above
Modules
  • Internet protection module
Default Status
unaffected
Versions
Unaffected
  • 1464
Problem Types
TypeCWE IDDescription
CWECWE-295CWE-295 Improper Certificate Validation
Type: CWE
CWE ID: CWE-295
Description: CWE-295 Improper Certificate Validation
Metrics
VersionBase scoreBase severityVector
3.17.5HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:N
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-94CAPEC-94 Man in the Middle Attack
CAPEC ID: CAPEC-94
Description: CAPEC-94 Man in the Middle Attack
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://support.eset.com/en/ca8562-eset-customer-advisory-improper-following-of-a-certificates-chain-of-trust-in-eset-security-products-fixed
N/A
Hyperlink: https://support.eset.com/en/ca8562-eset-customer-advisory-improper-following-of-a-certificates-chain-of-trust-in-eset-security-products-fixed
Resource: N/A
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://support.eset.com/en/ca8562-eset-customer-advisory-improper-following-of-a-certificates-chain-of-trust-in-eset-security-products-fixed
x_transferred
Hyperlink: https://support.eset.com/en/ca8562-eset-customer-advisory-improper-following-of-a-certificates-chain-of-trust-in-eset-security-products-fixed
Resource:
x_transferred
Details not found