CVE-2023-6058

MEDIUM

Bitdefender Total Security < 27.0.25.115 - Improper Certificate Validation in Safepay HTTPS Handling

Title source: llm

Description

A vulnerability has been identified in Bitdefender Safepay's handling of HTTPS connections. The issue arises when the product blocks a connection due to an untrusted server certificate but allows the user to add the site to exceptions, resulting in the product trusting the certificate for subsequent HTTPS scans. This vulnerability allows an attacker to perform a Man-in-the-Middle (MITM) attack by using a self-signed certificate, which the product will trust after the site has been added to exceptions. This can lead to the interception and potential alteration of secure communications.

References (1)

Core 1

Core References

Vendor Advisory

https://www.bitdefender.com/support/security-advisories/https-certificate-validation-issue-in-bitdefender-safepay-va-11167/

Scores

CVSS v3 6.8

EPSS 0.0018

EPSS Percentile 7.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-295

Status published

Products (1)

bitdefender/total_security < 27.0.25.115

Published Oct 18, 2024

Tracked Since Feb 18, 2026