{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2023-5594","assignerOrgId":"4a9b9929-2450-4021-b7b9-469a0255b215","state":"PUBLISHED","assignerShortName":"ESET","dateReserved":"2023-10-16T08:12:50.985Z","datePublished":"2023-12-21T11:30:41.256Z","dateUpdated":"2024-08-02T08:07:32.481Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","modules":["Internet protection module"],"product":"ESET NOD32 Antivirus","vendor":"ESET, spol. s r.o.","versions":[{"status":"unaffected","version":"1464"}]},{"defaultStatus":"unaffected","modules":["Internet protection module"],"product":"ESET Internet Security","vendor":"ESET, spol. s r.o.","versions":[{"status":"unaffected","version":"1464"}]},{"defaultStatus":"unaffected","modules":["Internet protection module"],"product":"ESET Smart Security Premium","vendor":"ESET, spol. s r.o.","versions":[{"status":"unaffected","version":"1464"}]},{"defaultStatus":"unaffected","modules":["Internet protection module"],"product":"ESET Security Ultimate","vendor":"ESET, spol. s r.o.","versions":[{"status":"unaffected","version":"1464"}]},{"defaultStatus":"unaffected","modules":["Internet protection module"],"product":"ESET Endpoint Antivirus","vendor":"ESET, spol. s r.o.","versions":[{"status":"unaffected","version":"1464"}]},{"defaultStatus":"unaffected","modules":["Internet protection module"],"product":"ESET Endpoint Security","vendor":"ESET, spol. s r.o.","versions":[{"status":"unaffected","version":"1464"}]},{"defaultStatus":"unaffected","modules":["Internet protection module"],"product":"ESET Endpoint Antivirus for Linux 10.0 and above","vendor":"ESET, spol. s r.o.","versions":[{"status":"unaffected","version":"1464"}]},{"defaultStatus":"unaffected","modules":["Internet protection module"],"product":"ESET Server Security for Windows Server","vendor":"ESET, spol. 
s r.o.","versions":[{"status":"unaffected","version":"1464"}]},{"defaultStatus":"unaffected","modules":["Internet protection module"],"product":"ESET Mail Security for Microsoft Exchange Server","vendor":"ESET, spol. s r.o.","versions":[{"status":"unaffected","version":"1464"}]},{"defaultStatus":"unaffected","modules":["Internet protection module"],"product":"ESET Mail Security for IBM Domino","vendor":"ESET, spol. s r.o.","versions":[{"status":"unaffected","version":"1464"}]},{"defaultStatus":"unaffected","modules":["Internet protection module"],"product":"ESET Security for Microsoft SharePoint Server","vendor":"ESET, spol. s r.o.","versions":[{"status":"unaffected","version":"1464"}]},{"defaultStatus":"unaffected","modules":["Internet protection module"],"product":"ESET File Security for Microsoft Azure","vendor":"ESET, spol. s r.o.","versions":[{"status":"unaffected","version":"1464"}]},{"defaultStatus":"unaffected","modules":["Internet protection module"],"product":"ESET Server Security for Linux 10.1 and above ","vendor":"ESET, spol. 
s r.o.","versions":[{"status":"unaffected","version":"1464"}]}],"datePublic":"2023-12-20T11:00:00.000Z","descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"Improper validation of the server’s certificate chain in the secure traffic scanning feature caused an intermediate certificate signed using the MD5 or SHA1 algorithm to be considered trusted."}],"value":"Improper validation of the server’s certificate chain in the secure traffic scanning feature caused an intermediate certificate signed using the MD5 or SHA1 algorithm to be considered trusted."}],"impacts":[{"capecId":"CAPEC-94","descriptions":[{"lang":"en","value":"CAPEC-94 Man in the Middle Attack"}]}],"metrics":[{"cvssV3_1":{"attackComplexity":"HIGH","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":7.5,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"LOW","privilegesRequired":"NONE","scope":"CHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:N","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-295","description":"CWE-295 Improper Certificate Validation","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"4a9b9929-2450-4021-b7b9-469a0255b215","shortName":"ESET","dateUpdated":"2023-12-21T11:30:41.256Z"},"references":[{"url":"https://support.eset.com/en/ca8562-eset-customer-advisory-improper-following-of-a-certificates-chain-of-trust-in-eset-security-products-fixed"}],"source":{"advisory":"ca8562","discovery":"UNKNOWN"},"title":"Improper following of a certificate's chain of trust in ESET security products","x_generator":{"engine":"Vulnogram 0.1.0-dev"}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T08:07:32.481Z"},"title":"CVE Program 
Container","references":[{"url":"https://support.eset.com/en/ca8562-eset-customer-advisory-improper-following-of-a-certificates-chain-of-trust-in-eset-security-products-fixed","tags":["x_transferred"]}]}]}}