Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2023-6058— HTTPS Certificate Validation Issue in Bitdefender Safepay (VA-11167)

EPSS 0.43% · P62
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2023-6058

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
HTTPS Certificate Validation Issue in Bitdefender Safepay (VA-11167)
Source: NVD (National Vulnerability Database)
Vulnerability Description
A vulnerability has been identified in Bitdefender Safepay's handling of HTTPS connections. The issue arises when the product blocks a connection due to an untrusted server certificate but allows the user to add the site to exceptions, resulting in the product trusting the certificate for subsequent HTTPS scans. This vulnerability allows an attacker to perform a Man-in-the-Middle (MITM) attack by using a self-signed certificate, which the product will trust after the site has been added to exceptions. This can lead to the interception and potential alteration of secure communications.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
证书验证不恰当
Source: NVD (National Vulnerability Database)
Vulnerability Title
Bitdefender Total Security 信任管理问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Bitdefender Total Security是罗马尼亚比特梵德(Bitdefender)公司的一款应用于PC端的主动威胁防护软件。该软件具有防病毒,防火墙,反间谍软件,隐私控制,家长控制功能。还包括System TuneUp等功能。 Bitdefender Total Security 27.0.25.115之前版本存在信任管理问题漏洞,该漏洞源于HTTPS证书验证问题,允许攻击者使用自签名证书执行中间人(MITM)攻击,可能导致安全通信被拦截并被篡改。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
BitdefenderTotal Security 0 ~ 27.0.25.115 -

II. Public POCs for CVE-2023-6058

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2023-6058

登录查看更多情报信息。

Same Patch Batch · Bitdefender · 2024-10-18 · 6 CVEs total

CVE-2023-6055Improper Certificate Validation in Bitdefender Total Security HTTPS Scanning (VA-11158)
CVE-2023-6056Insecure Trust of Self-Signed Certificates in Bitdefender Total Security HTTPS Scanning (V
CVE-2023-6057Insecure Trust of DSA-Signed Certificates in Bitdefender Total Security HTTPS Scanning (VA
CVE-2023-49570Insecure Trust of Basic Constraints certificate in Bitdefender Total Security HTTPS Scanni
CVE-2023-49567Insecure Trust of certificates using collision hash functions in Bitdefender Total Securit

IV. Related Vulnerabilities

Same product: Total Security
Same vendor: Bitdefender
Same weakness: CWE-295

V. Comments for CVE-2023-6058

No comments yet

Leave a comment