Vulnerability in Bitdefender Total Security HTTPS Scanning Functionality Allows Man-in-the-Middle Attacks
CVE-2023-49567

6.8MEDIUM

Key Information:

Vendor: Bitdefender
Status: Total Security
Vendor: CVE Published:; 18 October 2024

🔔 Create Bitdefender Vulnerability Alert

What is CVE-2023-49567?

A vulnerability has been identified in the Bitdefender Total Security HTTPS scanning functionality where the product incorrectly checks the site's certificate, which allows an attacker to make MITM SSL connections to an arbitrary site. The product trusts certificates that are issued using the MD5 and SHA1 collision hash functions which allow attackers to create rogue certificates that appear legitimate.

Affected Version(s)

Total Security 0 < 27.0.25.115

References

https://www.bitdefender.com/support/security-advisories/i...

CVSS V3.1

Score:

6.8

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 18, 2024
Vulnerability Reserved
Nov 27, 2023