Bitdefender Total Security Vulnerability: HTTPS Scanning Flaw Allows MITM Attacks
CVE-2023-49570

7.4 HIGH

Key Information:

Vendor
CVE Published: 18 October 2024

What is CVE-2023-49570?

Bitdefender Total Security's HTTPS scanning feature incorrectly trusts a certificate issued by an unauthorized issuer. The root cause is a misinterpretation of the X.509 'Basic Constraints' extension: a certificate whose Basic Constraints marks it as an 'End Entity' (that is, one not permitted to issue other certificates) is nonetheless accepted as an issuer. An attacker can exploit this flaw to mount a Man-in-the-Middle (MITM) attack, intercepting and manipulating traffic between users and secure websites and potentially compromising sensitive information.
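The rule the scanner failed to apply is RFC 5280 §4.2.1.9: a certificate whose Basic Constraints extension is absent (on a v3 certificate) or carries cA=false must never be used to verify another certificate's signature, no matter how valid the signature itself is. The following Go program is an added illustration for this record, not Bitdefender's code. It builds a constructed test PKI (the root CA, "server-a.example" and "bank.example" are made-up names) in which a second certificate for bank.example is signed with an ordinary server certificate's key, then shows both an explicit issuer check and Go's standard path validator rejecting that chain while accepting the properly issued one.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// Scenario is a constructed test PKI (names are made up): a root CA, a server
// certificate it issued with Basic Constraints cA=false, and two certificates
// for bank.example: one issued by the root, one signed with the server's key.
type Scenario struct {
	Root, Server, LeafViaRoot, LeafViaServer *x509.Certificate
}

func newKey() *ecdsa.PrivateKey {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	return k
}

// template always emits Basic Constraints so the cA flag is explicit.
func template(cn string, serial int64, isCA bool) *x509.Certificate {
	t := &x509.Certificate{
		SerialNumber:          big.NewInt(serial),
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		BasicConstraintsValid: true,
		IsCA:                  isCA,
		KeyUsage:              x509.KeyUsageDigitalSignature,
		DNSNames:              []string{cn},
	}
	if isCA {
		t.KeyUsage = x509.KeyUsageCertSign | x509.KeyUsageCRLSign
		t.DNSNames = nil
	}
	return t
}

func sign(tmpl, parent *x509.Certificate, pub *ecdsa.PublicKey, parentKey *ecdsa.PrivateKey) *x509.Certificate {
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, parentKey)
	if err != nil {
		panic(err)
	}
	c, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return c
}

func BuildScenario() *Scenario {
	rootKey, serverKey, leafKey := newKey(), newKey(), newKey()
	rootT := template("Constructed Test Root CA", 1, true)
	s := &Scenario{}
	s.Root = sign(rootT, rootT, &rootKey.PublicKey, rootKey)
	s.Server = sign(template("server-a.example", 2, false), s.Root, &serverKey.PublicKey, rootKey)
	s.LeafViaRoot = sign(template("bank.example", 3, false), s.Root, &leafKey.PublicKey, rootKey)
	// Cryptographically valid signature, but the signer's Basic Constraints say cA=false.
	s.LeafViaServer = sign(template("bank.example", 4, false), s.Server, &leafKey.PublicKey, serverKey)
	return s
}

// IssuerMayIssue is the RFC 5280 §4.2.1.9 rule a TLS interceptor must apply to
// every certificate it accepts as an issuer: no Basic Constraints on a v3
// certificate, or cA=false, means the key must not verify certificate signatures.
func IssuerMayIssue(c *x509.Certificate) bool {
	if c.Version == 3 && !c.BasicConstraintsValid {
		return false
	}
	if c.BasicConstraintsValid && !c.IsCA {
		return false
	}
	// Key usage, when present, must also permit certificate signing.
	return c.KeyUsage == 0 || c.KeyUsage&x509.KeyUsageCertSign != 0
}

// Verify runs full path validation for bank.example against the scenario root,
// offering the server certificate as an intermediate, as a peer would in TLS.
func Verify(leaf *x509.Certificate, s *Scenario) error {
	roots, inters := x509.NewCertPool(), x509.NewCertPool()
	roots.AddCert(s.Root)
	inters.AddCert(s.Server)
	_, err := leaf.Verify(x509.VerifyOptions{Roots: roots, Intermediates: inters, DNSName: "bank.example"})
	return err
}
```

A scanner that terminates TLS on the client's behalf takes on the browser's validation duties, so the check in IssuerMayIssue has to run on every certificate in the presented chain, not only on the leaf; Go's `Verify` (via `CheckSignatureFrom`) does exactly that and reports the end-entity-signed chain as signed by an unknown authority.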

Affected Version(s)

Total Security, all versions before 27.0.25.115.

References

CVSS V3.1

Score: 7.4
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability reserved