MitM attack in multiple ESET products

1) Improper Certificate Validation

EUVDB-ID: #VU84650

Risk: Medium

CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-5594

CWE-ID: CWE-295 - Improper Certificate Validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform MitM attack.

The vulnerability exists due to improper validation of the server’s certificate chain in the SSL/TLS protocol scanning feature. An intermediate certificate signed using the MD5 or SHA1 algorithm was considered trusted, and thus the browser on a system with the ESET secure traffic scanning feature enabled could be caused to trust a site secured with such a certificate.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

NOD32: All versions

ESET Internet Security: All versions

ESET Smart Security Premium: All versions

ESET Endpoint Antivirus for Windows: All versions

ESET Endpoint Security for Windows: All versions

ESET Server Security for Microsoft Windows Server: All versions

ESET Mail Security for Microsoft Exchange Server: All versions

ESET Mail Security for IBM Domino: All versions

ESET Security for Microsoft SharePoint Server: All versions

ESET Security Ultimate: All versions

ESET Endpoint Antivirus for Linux: All versions

ESET File Security for Microsoft Azure: All versions

ESET Server Security for Linux: All versions

External links

http://support.eset.com/en/ca8562-eset-customer-advisory-improper-following-of-a-certificates-chain-of-trust-in-eset-security-products-fixed

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.