CVE-2023-6055

Published Oct 18, 2024

Last updated a month ago

CVSS high 8.6

Overview

Description
A vulnerability has been identified in Bitdefender Total Security HTTPS scanning functionality where the software fails to properly validate website certificates. Specifically, if a site certificate lacks the "Server Authentication" specification in the Extended Key Usage extension, the product does not verify the certificate's compliance with the site, deeming such certificates as valid. This flaw could allow an attacker to perform a Man-in-the-Middle (MITM) attack, intercepting and potentially altering communications between the user and the website.
Source
cve-requests@bitdefender.com
NVD status
Analyzed

Risk scores

CVSS 4.0

Type
Secondary
Base score
8.6
Impact score
-
Exploitability score
-
Vector string
CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Severity
HIGH

CVSS 3.1

Type
Primary
Base score
7.4
Impact score
5.2
Exploitability score
2.2
Vector string
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Severity
HIGH

Weaknesses

cve-requests@bitdefender.com
CWE-295

Social media

Hype score
Not currently trending

  1. Angreifer können PCs mit Virenschutz von Bitdefender und Trend Micro attackieren. CVE-2023-49567, CVE-2023-49570, CVE-2023-6055, CVE-2023-6056, CVE-2023-6057 mit dem Bedrohungsgrad "hoch" #PatchNow https://t.co/xQGFyO8uqf

    @SedimentIV

    20 Oct 2024

    1597 Impressions

    0 Retweets

    3 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. [CVE-2023-6055: HIGH] Major vulnerability in Bitdefender Total Security HTTPS scanning feature allows attackers to conduct Man-in-the-Middle attacks by exploiting certificate validation flaw. #CyberSecurity#cybersecurity,#vulnerability https://t.co/jRwvBidATJ https://t.co/bh66Otn

    @CveFindCom

    22 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations

References