#VU84650 Improper Certificate Validation in Eset Server applications


Published: 2023-12-21

Vulnerability identifier: #VU84650

Vulnerability risk: Medium

CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-5594

CWE-ID: CWE-295

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
NOD32
Other software / Other software solutions
ESET Internet Security
Client/Desktop applications / Antivirus software/Personal firewalls
ESET Smart Security Premium
Client/Desktop applications / Antivirus software/Personal firewalls
ESET Endpoint Antivirus for Windows
Client/Desktop applications / Antivirus software/Personal firewalls
ESET Endpoint Security for Windows
Client/Desktop applications / Antivirus software/Personal firewalls
ESET Security Ultimate
Client/Desktop applications / Antivirus software/Personal firewalls
ESET Endpoint Antivirus for Linux
Client/Desktop applications / Antivirus software/Personal firewalls
ESET File Security for Microsoft Azure
Client/Desktop applications / Antivirus software/Personal firewalls
ESET Server Security for Linux
Client/Desktop applications / Antivirus software/Personal firewalls
ESET Server Security for Microsoft Windows Server
Server applications / Server solutions for antivirus protection
ESET Mail Security for Microsoft Exchange Server
Server applications / Server solutions for antivirus protection
ESET Mail Security for IBM Domino
Server applications / Server solutions for antivirus protection
ESET Security for Microsoft SharePoint Server
Server applications / Server solutions for antivirus protection

Vendor: Eset

Description

The vulnerability allows a remote attacker to perform a man-in-the-middle (MitM) attack.

The vulnerability exists due to improper validation of the server’s certificate chain in the SSL/TLS protocol scanning feature. An intermediate certificate signed using the MD5 or SHA1 algorithm was considered trusted, and thus the browser on a system with the ESET secure traffic scanning feature enabled could be caused to trust a site secured with such a certificate.

Mitigation
Install updates from the vendor's website.

Vulnerable software versions

NOD32: All versions

ESET Internet Security: All versions

ESET Smart Security Premium: All versions

ESET Endpoint Antivirus for Windows: All versions

ESET Endpoint Security for Windows: All versions

ESET Server Security for Microsoft Windows Server: All versions

ESET Mail Security for Microsoft Exchange Server: All versions

ESET Mail Security for IBM Domino: All versions

ESET Security for Microsoft SharePoint Server: All versions

ESET Security Ultimate: All versions

ESET Endpoint Antivirus for Linux: All versions

ESET File Security for Microsoft Azure: All versions

ESET Server Security for Linux: All versions


External links
http://support.eset.com/en/ca8562-eset-customer-advisory-improper-following-of-a-certificates-chain-of-trust-in-eset-security-products-fixed


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

