MitM attack in multiple ESET products

This security bulletin contains one medium risk vulnerability.

EUVDB-ID: #VU84650


Risk: Medium


CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]


CVE-ID: CVE-2023-5594


CWE-ID: CWE-295 - Improper Certificate Validation


Exploit availability: No


Description

The vulnerability allows a remote attacker to perform a MitM attack.


The vulnerability exists due to improper validation of the server’s certificate chain in the SSL/TLS protocol scanning feature. An intermediate certificate signed using the MD5 or SHA1 algorithm was considered trusted, and thus the browser on a system with the ESET secure traffic scanning feature enabled could be caused to trust a site secured with such a certificate.
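The kind of check the description says was missing can be sketched as follows. This is an added example, not ESET's code and not part of the original bulletin: it reads the signature algorithm of every non-root certificate in a chain and reports MD5- or SHA-1-based ones. It assumes the chain is ordered leaf to root with the trust anchor last, it does not verify signatures, and the function names and stub certificates are constructed for illustration.

```python
WEAK_SIG_OIDS = {"1.2.840.113549.1.1.4": "md5WithRSAEncryption",
                 "1.2.840.113549.1.1.5": "sha1WithRSAEncryption",
                 "1.2.840.10040.4.3": "dsa-with-sha1",
                 "1.2.840.10045.4.1": "ecdsa-with-SHA1"}

def read_tlv(buf, pos):  # -> (tag, value, next_pos) of the DER element at pos
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits = number of length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(body):
    vals, cur = [], 0
    for b in body:  # base-128 arcs; high bit marks continuation
        cur = (cur << 7) | (b & 0x7F)
        if not b & 0x80:
            vals, cur = vals + [cur], 0
    first = min(vals[0] // 40, 2)
    return ".".join(map(str, [first, vals[0] - 40 * first] + vals[1:]))

def signature_oid(cert_der):
    """OID of the outer signatureAlgorithm field of an X.509 certificate."""
    _, cert, _ = read_tlv(cert_der, 0)   # Certificate SEQUENCE
    _, _, pos = read_tlv(cert, 0)        # skip tbsCertificate
    tag, alg, _ = read_tlv(cert, pos)    # AlgorithmIdentifier SEQUENCE
    if tag != 0x30 or alg[:1] != b"\x06":
        raise ValueError("malformed signatureAlgorithm")
    return decode_oid(read_tlv(alg, 0)[1])

def weak_links(chain):
    """chain = [leaf, intermediates..., root]; the root is a trust anchor and is skipped."""
    oids = [signature_oid(c) for c in chain[:-1]]
    return [(i, WEAK_SIG_OIDS[o]) for i, o in enumerate(oids) if o in WEAK_SIG_OIDS]

def der(tag, body):  # DER encoder used only to build the constructed samples
    n = len(body)
    size = (n.bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + head + body
def stub_cert(oid_hex):  # constructed skeleton: dummy TBS, given OID, zeroed signature
    alg = der(0x30, der(0x06, bytes.fromhex(oid_hex)) + b"\x05\x00")
    return der(0x30, der(0x30, b"\x02\x01\x01") + alg + der(0x03, bytes(257)))

SHA256_RSA, SHA1_RSA = "2a864886f70d01010b", "2a864886f70d010105"  # DER OID bodies
# Constructed chain: leaf (SHA-256), intermediate (SHA-1), root (SHA-1, trust anchor)
SAMPLE_CHAIN = [stub_cert(SHA256_RSA), stub_cert(SHA1_RSA), stub_cert(SHA1_RSA)]
```

`weak_links(SAMPLE_CHAIN)` reports the SHA-1-signed intermediate at index 1 and ignores the SHA-1 self-signature on the root, since a trust anchor is trusted by identity rather than by its signature.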


Mitigation

Install updates from the vendor's website.


Vulnerable software versions

NOD32: All versions


ESET Internet Security: All versions


ESET Smart Security Premium: All versions


ESET Endpoint Antivirus for Windows: All versions


ESET Endpoint Security for Windows: All versions


ESET Server Security for Microsoft Windows Server: All versions


ESET Mail Security for Microsoft Exchange Server: All versions


ESET Mail Security for IBM Domino: All versions


ESET Security for Microsoft SharePoint Server: All versions


ESET Security Ultimate: All versions


ESET Endpoint Antivirus for Linux: All versions


ES ..
