Overview
- Description
- A vulnerability has been identified in Bitdefender Safepay's handling of HTTPS connections. The issue arises when the product blocks a connection due to an untrusted server certificate but allows the user to add the site to exceptions, resulting in the product trusting the certificate for subsequent HTTPS scans. This vulnerability allows an attacker to perform a Man-in-the-Middle (MITM) attack by using a self-signed certificate, which the product will trust after the site has been added to exceptions. This can lead to the interception and potential alteration of secure communications.
- Source
- cve-requests@bitdefender.com
- NVD status
- Analyzed
Risk scores
CVSS 4.0
- Type
- Secondary
- Base score
- 8.6
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- HIGH
CVSS 3.1
- Type
- Primary
- Base score
- 6.8
- Impact score
- 5.2
- Exploitability score
- 1.6
- Vector string
- CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
- Severity
- MEDIUM
Weaknesses
- cve-requests@bitdefender.com
- CWE-295
Social media
- Hype score
- Not currently trending
🚨 CVE-2023-6058 (Published: 2024-10-18) - A high-severity vulnerability in Bitdefender Safepay affects multiple versions. Users are urged to update to the latest version to mitigate risks. For detailed remediation steps, check the advisory: https://t.co/jRJTGwLPFl #CyberSecurity
@transilienceai
21 Oct 2024
🔒 CVE-2023-6058 (Published: 2024-10-18) - A high-severity vulnerability in Bitdefender Safepay affects multiple versions. Users are urged to update to the latest version to mitigate risks. For detailed remediation steps, visit: https://t.co/jRJTGwLPFl #CyberSecurity
@transilienceai
21 Oct 2024
[CVE-2023-6058: HIGH] Vulnerability in Bitdefender Safepay's HTTPS handling allows attackers to perform a Man-in-the-Middle attack by manipulating untrusted server certificates added to exceptions, jeopardizing se...#cybersecurity,#vulnerability https://t.co/6jymqev5tV https://t.
@CveFindCom
CVE-2023-6058 A vulnerability has been identified in Bitdefender Safepay's handling of HTTPS connections. The issue arises when the product blocks a connection due to an untrusted se… https://t.co/QEyp7xT4ng
@CVEnew
Configurations
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:bitdefender:total_security:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F49929DA-5848-4D43-BE46-910C13BEDA93",
            "versionEndExcluding": "27.0.25.115"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]