Overview
- Description
- A vulnerability has been identified in Bitdefender Total Security HTTPS scanning functionality where the software trusts a certificate issued by an entity that isn't authorized to issue certificates. This occurs when the "Basic Constraints" extension in the certificate indicates that it is meant to be an "End Entity". This flaw could allow an attacker to perform a Man-in-the-Middle (MITM) attack, intercepting and potentially altering communications between the user and the website.
- Source
- cve-requests@bitdefender.com
- NVD status
- Analyzed
Risk scores
CVSS 4.0
- Type
- Secondary
- Base score
- 8.6
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- HIGH
CVSS 3.1
- Type
- Primary
- Base score
- 7.4
- Impact score
- 5.2
- Exploitability score
- 2.2
- Vector string
- CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
- Severity
- HIGH
Weaknesses
- cve-requests@bitdefender.com
- CWE-295
Social media
- Hype score
- Not currently trending
🚨 CVE-2023-49570 (Published: 2024-10-18) - A high-severity vulnerability affects Bitdefender Total Security. Ensure you're using the latest version to mitigate risks. For detailed remediation steps, check the advisory here: https://t.co/MwoBACVbq6 #CyberSecurity #Bitdefender
@transilienceai
21 Oct 2024
3 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2023-49570 (Published: 2024-10-18) - A high-severity vulnerability in Bitdefender Total Security affects multiple versions. Users are urged to update to the latest version to mitigate risks. For detailed remediation steps, visit: https://t.co/MwoBACVbq6 #CyberSecurity… htt
@transilienceai
21 Oct 2024
3 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Attackers can attack PCs running antivirus software from Bitdefender and Trend Micro. CVE-2023-49567, CVE-2023-49570, CVE-2023-6055, CVE-2023-6056, CVE-2023-6057 with the threat level "high" #PatchNow https://t.co/xQGFyO8uqf
@SedimentIV
20 Oct 2024
1597 Impressions
0 Retweets
3 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2023-49570 A vulnerability has been identified in Bitdefender Total Security HTTPS scanning functionality where the software trusts a certificate issued by an entity that isn't … https://t.co/8Ck1SPSoHo
@CVEnew
434 Impressions
1 Retweet
1 Like
1 Bookmark
0 Replies
0 Quotes
[CVE-2023-49570: HIGH] Vulnerability found in Bitdefender Total Security HTTPS scanning allows unauthorized cert issuance, posing Man-in-the-Middle threat. Stay alert for potential cyber attacks. #cybersecurity, #vulnerability https://t.co/ruOj1kdHC3 https://t.co/enjujqOEkn
@CveFindCom
43 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Configurations
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:bitdefender:total_security:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F49929DA-5848-4D43-BE46-910C13BEDA93",
            "versionEndExcluding": "27.0.25.115"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]