2023-12-21 13:00:27 +00:00
{
"id" : "CVE-2023-5594" ,
"sourceIdentifier" : "security@eset.com" ,
"published" : "2023-12-21T12:15:08.293" ,
2024-12-08 03:06:42 +00:00
"lastModified" : "2024-11-21T08:42:05.600" ,
"vulnStatus" : "Modified" ,
2024-07-14 02:06:08 +00:00
"cveTags" : [ ] ,
2023-12-21 13:00:27 +00:00
"descriptions" : [
{
"lang" : "en" ,
"value" : "Improper validation of the server\u2019s certificate chain in secure traffic scanning feature considered intermediate certificate signed using the MD5 or SHA1 algorithm as trusted."
2024-01-04 15:00:28 +00:00
} ,
{
"lang" : "es" ,
"value" : "La validaci\u00f3n incorrecta de la cadena de certificados del servidor en la funci\u00f3n de escaneo de tr\u00e1fico seguro consider\u00f3 que el certificado intermedio firmado utilizando el algoritmo MD5 o SHA1 era confiable."
2023-12-21 13:00:27 +00:00
}
] ,
"metrics" : {
"cvssMetricV31" : [
2024-01-04 15:00:28 +00:00
{
2024-12-08 03:06:42 +00:00
"source" : "security@eset.com" ,
"type" : "Secondary" ,
2024-01-04 15:00:28 +00:00
"cvssData" : {
"version" : "3.1" ,
2024-12-08 03:06:42 +00:00
"vectorString" : "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:N" ,
"baseScore" : 7.5 ,
"baseSeverity" : "HIGH" ,
2024-01-04 15:00:28 +00:00
"attackVector" : "NETWORK" ,
2024-12-08 03:06:42 +00:00
"attackComplexity" : "HIGH" ,
2024-01-04 15:00:28 +00:00
"privilegesRequired" : "NONE" ,
"userInteraction" : "NONE" ,
"scope" : "CHANGED" ,
2024-12-08 03:06:42 +00:00
"confidentialityImpact" : "HIGH" ,
"integrityImpact" : "LOW" ,
"availabilityImpact" : "NONE"
2024-01-04 15:00:28 +00:00
} ,
2024-12-08 03:06:42 +00:00
"exploitabilityScore" : 2.2 ,
"impactScore" : 4.7
2024-01-04 15:00:28 +00:00
} ,
2023-12-21 13:00:27 +00:00
{
2024-12-08 03:06:42 +00:00
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
2023-12-21 13:00:27 +00:00
"cvssData" : {
"version" : "3.1" ,
2024-12-08 03:06:42 +00:00
"vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N" ,
"baseScore" : 8.6 ,
"baseSeverity" : "HIGH" ,
2023-12-21 13:00:27 +00:00
"attackVector" : "NETWORK" ,
2024-12-08 03:06:42 +00:00
"attackComplexity" : "LOW" ,
2023-12-21 13:00:27 +00:00
"privilegesRequired" : "NONE" ,
"userInteraction" : "NONE" ,
"scope" : "CHANGED" ,
2024-12-08 03:06:42 +00:00
"confidentialityImpact" : "NONE" ,
"integrityImpact" : "HIGH" ,
"availabilityImpact" : "NONE"
2023-12-21 13:00:27 +00:00
} ,
2024-12-08 03:06:42 +00:00
"exploitabilityScore" : 3.9 ,
"impactScore" : 4.0
2023-12-21 13:00:27 +00:00
}
]
} ,
"weaknesses" : [
2024-01-04 15:00:28 +00:00
{
2024-12-08 03:06:42 +00:00
"source" : "security@eset.com" ,
"type" : "Secondary" ,
2024-01-04 15:00:28 +00:00
"description" : [
{
"lang" : "en" ,
"value" : "CWE-295"
}
]
} ,
2023-12-21 13:00:27 +00:00
{
2024-12-08 03:06:42 +00:00
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
2023-12-21 13:00:27 +00:00
"description" : [
{
"lang" : "en" ,
"value" : "CWE-295"
}
]
}
] ,
2024-01-04 15:00:28 +00:00
"configurations" : [
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:eset:endpoint_antivirus:*:*:*:*:*:linux:*:*" ,
"versionStartIncluding" : "10.0" ,
"matchCriteriaId" : "1B5C405E-3150-40F5-882D-C07A4955C996"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:eset:endpoint_antivirus:-:*:*:*:*:windows:*:*" ,
"matchCriteriaId" : "439FC2E0-2FE4-4916-8E2C-119450608680"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:eset:endpoint_security:-:*:*:*:*:windows:*:*" ,
"matchCriteriaId" : "99F0D178-E466-461D-B404-D2958D12B1A0"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:eset:file_security:-:*:*:*:*:azure:*:*" ,
"matchCriteriaId" : "207E6D02-A9FB-4B1F-ABEA-BEBDA67E31A4"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:eset:internet_security:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "F2CAD248-1F32-4459-A530-8706E334C67F"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:eset:mail_security:-:*:*:*:*:domino:*:*" ,
"matchCriteriaId" : "5043B5B1-38B2-4621-B738-A79E5DF8D98E"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:eset:mail_security:-:*:*:*:*:exchange_server:*:*" ,
"matchCriteriaId" : "DE40A56E-EBC0-43C8-85FB-868802B4817F"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:eset:nod32_antivirus:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "6253FAFB-0AE6-494A-950D-EB0EB15E982C"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:eset:security:-:*:*:*:*:sharepoint_server:*:*" ,
"matchCriteriaId" : "D6CCDFB5-D27D-40F5-9BFC-274DA84783E8"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:eset:security:-:*:*:*:ultimate:*:*:*" ,
"matchCriteriaId" : "F86A88FA-CAB9-4937-AE8D-4FA22EF4D380"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:eset:server_security:*:*:*:*:*:linux:*:*" ,
"versionStartIncluding" : "10.1" ,
"matchCriteriaId" : "90DDE40D-605C-4465-A647-D3BD14B13E46"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:eset:server_security:-:*:*:*:*:windows_server:*:*" ,
"matchCriteriaId" : "74BC745B-A4C5-4EAE-B985-78FDA3C40516"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:eset:smart_security:-:*:*:*:premium:*:*:*" ,
"matchCriteriaId" : "375F46B4-9FDF-48FB-935A-8BB6FEF5221A"
}
]
}
]
}
] ,
2023-12-21 13:00:27 +00:00
"references" : [
{
"url" : "https://support.eset.com/en/ca8562-eset-customer-advisory-improper-following-of-a-certificates-chain-of-trust-in-eset-security-products-fixed" ,
2024-01-04 15:00:28 +00:00
"source" : "security@eset.com" ,
"tags" : [
"Vendor Advisory"
]
2024-12-08 03:06:42 +00:00
} ,
{
"url" : "https://support.eset.com/en/ca8562-eset-customer-advisory-improper-following-of-a-certificates-chain-of-trust-in-eset-security-products-fixed" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108" ,
"tags" : [
"Vendor Advisory"
]
2023-12-21 13:00:27 +00:00
}
]
}
