CVE-2023-5594

Published Dec 21, 2023

Last updated 6 months ago

CVSS high 7.5

Overview

Description: Improper validation of the server’s certificate chain in secure traffic scanning feature considered intermediate certificate signed using the MD5 or SHA1 algorithm as trusted.
Source: security@eset.com
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 8.6
Impact score: 4
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
Severity: HIGH

Weaknesses

security@eset.com: CWE-295
nvd@nist.gov: CWE-295

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:eset:endpoint_antivirus:*:*:*:*:*:linux:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1B5C405E-3150-40F5-882D-C07A4955C996",
            "versionStartIncluding": "10.0"
          },
          {
            "criteria": "cpe:2.3:a:eset:endpoint_antivirus:-:*:*:*:*:windows:*:*",
            "vulnerable": true,
            "matchCriteriaId": "439FC2E0-2FE4-4916-8E2C-119450608680"
          },
          {
            "criteria": "cpe:2.3:a:eset:endpoint_security:-:*:*:*:*:windows:*:*",
            "vulnerable": true,
            "matchCriteriaId": "99F0D178-E466-461D-B404-D2958D12B1A0"
          },
          {
            "criteria": "cpe:2.3:a:eset:file_security:-:*:*:*:*:azure:*:*",
            "vulnerable": true,
            "matchCriteriaId": "207E6D02-A9FB-4B1F-ABEA-BEBDA67E31A4"
          },
          {
            "criteria": "cpe:2.3:a:eset:internet_security:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F2CAD248-1F32-4459-A530-8706E334C67F"
          },
          {
            "criteria": "cpe:2.3:a:eset:mail_security:-:*:*:*:*:domino:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5043B5B1-38B2-4621-B738-A79E5DF8D98E"
          },
          {
            "criteria": "cpe:2.3:a:eset:mail_security:-:*:*:*:*:exchange_server:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DE40A56E-EBC0-43C8-85FB-868802B4817F"
          },
          {
            "criteria": "cpe:2.3:a:eset:nod32_antivirus:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6253FAFB-0AE6-494A-950D-EB0EB15E982C"
          },
          {
            "criteria": "cpe:2.3:a:eset:security:-:*:*:*:*:sharepoint_server:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D6CCDFB5-D27D-40F5-9BFC-274DA84783E8"
          },
          {
            "criteria": "cpe:2.3:a:eset:security:-:*:*:*:ultimate:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F86A88FA-CAB9-4937-AE8D-4FA22EF4D380"
          },
          {
            "criteria": "cpe:2.3:a:eset:server_security:*:*:*:*:*:linux:*:*",
            "vulnerable": true,
            "matchCriteriaId": "90DDE40D-605C-4465-A647-D3BD14B13E46",
            "versionStartIncluding": "10.1"
          },
          {
            "criteria": "cpe:2.3:a:eset:server_security:-:*:*:*:*:windows_server:*:*",
            "vulnerable": true,
            "matchCriteriaId": "74BC745B-A4C5-4EAE-B985-78FDA3C40516"
          },
          {
            "criteria": "cpe:2.3:a:eset:smart_security:-:*:*:*:premium:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "375F46B4-9FDF-48FB-935A-8BB6FEF5221A"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References