{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2023-6056","assignerOrgId":"b3d5ebe7-963e-41fb-98e1-2edaeabb8f82","state":"PUBLISHED","assignerShortName":"Bitdefender","dateReserved":"2023-11-09T14:17:10.730Z","datePublished":"2024-10-18T07:31:23.425Z","dateUpdated":"2024-10-18T15:27:35.942Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"Total Security","vendor":"Bitdefender","versions":[{"lessThan":"27.0.25.115","status":"affected","version":"0","versionType":"custom"}]}],"datePublic":"2024-10-18T07:26:00.000Z","descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"A vulnerability has been discovered in Bitdefender Total Security HTTPS scanning functionality that results in the improper trust of self-signed certificates. The product is found to trust certificates signed with the RIPEMD-160 hashing algorithm without proper validation, allowing an attacker to establish MITM SSL connections to arbitrary sites."}],"value":"A vulnerability has been discovered in Bitdefender Total Security HTTPS scanning functionality that results in the improper trust of self-signed certificates. The product is found to trust certificates signed with the RIPEMD-160 hashing algorithm without proper validation, allowing an attacker to establish MITM SSL connections to arbitrary sites."}],"impacts":[{"capecId":"CAPEC-94","descriptions":[{"lang":"en","value":"CAPEC-94 Adversary in the Middle (AiTM)"}]}],"metrics":[{"cvssV4_0":{"Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","Safety":"NOT_DEFINED","attackComplexity":"LOW","attackRequirements":"PRESENT","attackVector":"ADJACENT","baseScore":8.6,"baseSeverity":"HIGH","privilegesRequired":"NONE","providerUrgency":"NOT_DEFINED","subAvailabilityImpact":"NONE","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","userInteraction":"ACTIVE","valueDensity":"NOT_DEFINED","vectorString":"CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N","version":"4.0","vulnAvailabilityImpact":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnerabilityResponseEffort":"NOT_DEFINED"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-295","description":"CWE-295 Improper Certificate Validation","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"b3d5ebe7-963e-41fb-98e1-2edaeabb8f82","shortName":"Bitdefender","dateUpdated":"2024-10-18T07:31:23.425Z"},"references":[{"url":"https://www.bitdefender.com/support/security-advisories/insecure-trust-of-self-signed-certificates-in-bitdefender-total-security-https-scanning-va-11164/"}],"solutions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<span style=\"background-color: rgb(255, 255, 255);\">An automatic update to product version 27.0.25.115 fixes the issue.</span><br>"}],"value":"An automatic update to product version 27.0.25.115 fixes the issue."}],"source":{"discovery":"UNKNOWN"},"title":"Insecure Trust of Self-Signed Certificates in Bitdefender Total Security HTTPS Scanning (VA-11164)","x_generator":{"engine":"Vulnogram 0.2.0"}},"adp":[{"affected":[{"vendor":"bitdefender","product":"total_security","cpes":["cpe:2.3:a:bitdefender:total_security:*:*:*:*:*:*:*:*"],"defaultStatus":"unaffected","versions":[{"version":"0","status":"affected","lessThan":"27.0.25.115","versionType":"custom"}]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-10-18T15:26:56.592538Z","id":"CVE-2023-6056","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-10-18T15:27:35.942Z"}}]}}