CVE-2023-49567— Insecure Trust of certificates using collision hash functions in Bitdefender Total Security HTTPS Scanning (VA-11239)
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2023-49567
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Insecure Trust of certificates using collision hash functions in Bitdefender Total Security HTTPS Scanning (VA-11239)
Source: NVD (National Vulnerability Database)
Vulnerability Description
A vulnerability has been identified in the Bitdefender Total Security HTTPS scanning functionality where the product incorrectly checks the site's certificate, which allows an attacker to make MITM SSL connections to an arbitrary site. The product trusts certificates that are issued using the MD5 and SHA1 collision hash functions which allow attackers to create rogue certificates that appear legitimate.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
证书验证不恰当
Source: NVD (National Vulnerability Database)
Vulnerability Title
Bitdefender Total Security 信任管理问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Bitdefender Total Security是罗马尼亚比特梵德(Bitdefender)公司的一款应用于PC端的主动威胁防护软件。该软件具有防病毒,防火墙,反间谍软件,隐私控制,家长控制功能。还包括System TuneUp等功能。 Bitdefender Total Security 27.0.25.115之前版本存在信任管理问题漏洞,该漏洞源于错误检查站点的证书,允许攻击者与任意站点建立MITM SSL连接,允许攻击者创建看似合法的恶意证书。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Bitdefender | Total Security | 0 ~ 27.0.25.115 | - |
II. Public POCs for CVE-2023-49567
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2023-49567
请登录查看更多情报信息。
Same Patch Batch · Bitdefender · 2024-10-18 · 6 CVEs total
| CVE-2023-6055 | Improper Certificate Validation in Bitdefender Total Security HTTPS Scanning (VA-11158) | |
| CVE-2023-6056 | Insecure Trust of Self-Signed Certificates in Bitdefender Total Security HTTPS Scanning (V | |
| CVE-2023-6057 | Insecure Trust of DSA-Signed Certificates in Bitdefender Total Security HTTPS Scanning (VA | |
| CVE-2023-6058 | HTTPS Certificate Validation Issue in Bitdefender Safepay (VA-11167) | |
| CVE-2023-49570 | Insecure Trust of Basic Constraints certificate in Bitdefender Total Security HTTPS Scanni |
IV. Related Vulnerabilities
Same product: Total Security
- CVE-2025-7073
Local Privilege Escalation via Arbitrary File Operation in B - CVE-2024-6871
G DATA Total Security Incorrect Permission Assignment Local - CVE-2024-30377
G DATA Total Security Scan Server Link Following Local Privi - CVE-2024-1868
G DATA Total Security Link Following Local Privilege Escalat - CVE-2024-1867
G DATA Total Security Link Following Local Privilege Escalat
Same vendor: Bitdefender
- CVE-2025-7073
Local Privilege Escalation via Arbitrary File Operation in B - CVE-2025-5317
Improper access restriction to critical folder in Bitdefende - CVE-2025-2245
Server Side Request Forgery in GravityZone Update Server Usi - CVE-2025-2243
SSRF in GravityZone Console via DNS Truncation (VA-12634) - CVE-2025-2244
Insecure PHP deserialization issue in GravityZone Console (V
Same weakness: CWE-295
V. Comments for CVE-2023-49567
No comments yet