Vulnerabilities > CVE-2023-6057 - Unspecified vulnerability in Bitdefender Total Security

CVSS 7.4 - HIGH

Attack vector

NETWORK

Attack complexity

HIGH

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

NONE

network

high complexity

bitdefender

NVD

Published: 2024-10-18

Updated: 2024-11-21

Summary

A vulnerability has been discovered in Bitdefender Total Security HTTPS scanning functionality that results in the improper trust of certificates issued using the DSA signature algorithm. The product does not properly check the certificate chain, allowing an attacker to establish MITM SSL connections to arbitrary sites using a DSA-signed certificate.

Vulnerable Configurations

Part	Description	Count
Application	Bitdefender Bitdefender Total Security - Bitdefender Total Security 7.2.1.65 Bitdefender Total Security 12.0 Bitdefender Total Security 21.0.24.62 Bitdefender Total Security 23.0.24.120 Bitdefender Total Security 24.0.26.136 Bitdefender Total Security 25.0.7.29 Bitdefender Total Security 26.0.3.29 Bitdefender Total Security 26.0.10.45	9

References

https://www.bitdefender.com/support/security-advisories/insecure-trust-of-dsa-signed-certificates-in-bitdefender-total-security-https-scanning-va-11166/