Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for ESET Server Security for Linux 10.1 and above by ESET, spol. s r.o.

    CVE-2023-5594 (GCVE-0-2023-5594)

    Vulnerability from nvd – Published: 2023-12-21 11:30 – Updated: 2024-08-02 08:07
    VLAI
    Title
    Improper following of a certificate's chain of trust in ESET security products
    Summary
    Improper validation of the server’s certificate chain in secure traffic scanning feature considered intermediate certificate signed using the MD5 or SHA1 algorithm as trusted.
    CWE
    • CWE-295 - Improper Certificate Validation
    Assigner
    Date Public
    2023-12-20 11:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T08:07:32.481Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.eset.com/en/ca8562-eset-customer-advisory-improper-following-of-a-certificates-chain-of-trust-in-eset-security-products-fixed"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Internet protection module"
              ],
              "product": "ESET NOD32 Antivirus",
              "vendor": "ESET, spol. s r.o.",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "1464"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Internet protection module"
              ],
              "product": "ESET Internet Security",
              "vendor": "ESET, spol. s r.o.",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "1464"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Internet protection module"
              ],
              "product": "ESET Smart Security Premium",
              "vendor": "ESET, spol. s r.o.",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "1464"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Internet protection module"
              ],
              "product": "ESET Security Ultimate",
              "vendor": "ESET, spol. s r.o.",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "1464"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Internet protection module"
              ],
              "product": "ESET Endpoint Antivirus",
              "vendor": "ESET, spol. s r.o.",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "1464"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Internet protection module"
              ],
              "product": "ESET Endpoint Security",
              "vendor": "ESET, spol. s r.o.",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "1464"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Internet protection module"
              ],
              "product": "ESET Endpoint Antivirus for Linux 10.0 and above",
              "vendor": "ESET, spol. s r.o.",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "1464"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Internet protection module"
              ],
              "product": "ESET Server Security for Windows Server",
              "vendor": "ESET, spol. s r.o.",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "1464"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Internet protection module"
              ],
              "product": "ESET Mail Security for Microsoft Exchange Server",
              "vendor": "ESET, spol. s r.o.",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "1464"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Internet protection module"
              ],
              "product": "ESET Mail Security for IBM Domino",
              "vendor": "ESET, spol. s r.o.",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "1464"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Internet protection module"
              ],
              "product": "ESET Security for Microsoft SharePoint Server",
              "vendor": "ESET, spol. s r.o.",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "1464"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Internet protection module"
              ],
              "product": "ESET File Security for Microsoft Azure",
              "vendor": "ESET, spol. s r.o.",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "1464"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Internet protection module"
              ],
              "product": "ESET Server Security for Linux 10.1 and above ",
              "vendor": "ESET, spol. s r.o.",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "1464"
                }
              ]
            }
          ],
          "datePublic": "2023-12-20T11:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper validation of the server\u2019s certificate chain in secure traffic scanning feature considered intermediate certificate signed using the MD5 or SHA1 algorithm as trusted."
                }
              ],
              "value": "Improper validation of the server\u2019s certificate chain in secure traffic scanning feature considered intermediate certificate signed using the MD5 or SHA1 algorithm as trusted."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-94",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-94 Man in the Middle Attack"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-295",
                  "description": "CWE-295 Improper Certificate Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-12-21T11:30:41.256Z",
            "orgId": "4a9b9929-2450-4021-b7b9-469a0255b215",
            "shortName": "ESET"
          },
          "references": [
            {
              "url": "https://support.eset.com/en/ca8562-eset-customer-advisory-improper-following-of-a-certificates-chain-of-trust-in-eset-security-products-fixed"
            }
          ],
          "source": {
            "advisory": "ca8562",
            "discovery": "UNKNOWN"
          },
          "title": "Improper following of a certificate\u0027s chain of trust\u202fin ESET security products",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4a9b9929-2450-4021-b7b9-469a0255b215",
        "assignerShortName": "ESET",
        "cveId": "CVE-2023-5594",
        "datePublished": "2023-12-21T11:30:41.256Z",
        "dateReserved": "2023-10-16T08:12:50.985Z",
        "dateUpdated": "2024-08-02T08:07:32.481Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-5594 (GCVE-0-2023-5594)

    Vulnerability from cvelistv5 – Published: 2023-12-21 11:30 – Updated: 2024-08-02 08:07
    VLAI
    Title
    Improper following of a certificate's chain of trust in ESET security products
    Summary
    Improper validation of the server’s certificate chain in secure traffic scanning feature considered intermediate certificate signed using the MD5 or SHA1 algorithm as trusted.
    CWE
    • CWE-295 - Improper Certificate Validation
    Assigner
    Date Public
    2023-12-20 11:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T08:07:32.481Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.eset.com/en/ca8562-eset-customer-advisory-improper-following-of-a-certificates-chain-of-trust-in-eset-security-products-fixed"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Internet protection module"
              ],
              "product": "ESET NOD32 Antivirus",
              "vendor": "ESET, spol. s r.o.",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "1464"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Internet protection module"
              ],
              "product": "ESET Internet Security",
              "vendor": "ESET, spol. s r.o.",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "1464"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Internet protection module"
              ],
              "product": "ESET Smart Security Premium",
              "vendor": "ESET, spol. s r.o.",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "1464"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Internet protection module"
              ],
              "product": "ESET Security Ultimate",
              "vendor": "ESET, spol. s r.o.",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "1464"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Internet protection module"
              ],
              "product": "ESET Endpoint Antivirus",
              "vendor": "ESET, spol. s r.o.",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "1464"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Internet protection module"
              ],
              "product": "ESET Endpoint Security",
              "vendor": "ESET, spol. s r.o.",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "1464"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Internet protection module"
              ],
              "product": "ESET Endpoint Antivirus for Linux 10.0 and above",
              "vendor": "ESET, spol. s r.o.",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "1464"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Internet protection module"
              ],
              "product": "ESET Server Security for Windows Server",
              "vendor": "ESET, spol. s r.o.",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "1464"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Internet protection module"
              ],
              "product": "ESET Mail Security for Microsoft Exchange Server",
              "vendor": "ESET, spol. s r.o.",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "1464"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Internet protection module"
              ],
              "product": "ESET Mail Security for IBM Domino",
              "vendor": "ESET, spol. s r.o.",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "1464"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Internet protection module"
              ],
              "product": "ESET Security for Microsoft SharePoint Server",
              "vendor": "ESET, spol. s r.o.",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "1464"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Internet protection module"
              ],
              "product": "ESET File Security for Microsoft Azure",
              "vendor": "ESET, spol. s r.o.",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "1464"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Internet protection module"
              ],
              "product": "ESET Server Security for Linux 10.1 and above ",
              "vendor": "ESET, spol. s r.o.",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "1464"
                }
              ]
            }
          ],
          "datePublic": "2023-12-20T11:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper validation of the server\u2019s certificate chain in secure traffic scanning feature considered intermediate certificate signed using the MD5 or SHA1 algorithm as trusted."
                }
              ],
              "value": "Improper validation of the server\u2019s certificate chain in secure traffic scanning feature considered intermediate certificate signed using the MD5 or SHA1 algorithm as trusted."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-94",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-94 Man in the Middle Attack"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-295",
                  "description": "CWE-295 Improper Certificate Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-12-21T11:30:41.256Z",
            "orgId": "4a9b9929-2450-4021-b7b9-469a0255b215",
            "shortName": "ESET"
          },
          "references": [
            {
              "url": "https://support.eset.com/en/ca8562-eset-customer-advisory-improper-following-of-a-certificates-chain-of-trust-in-eset-security-products-fixed"
            }
          ],
          "source": {
            "advisory": "ca8562",
            "discovery": "UNKNOWN"
          },
          "title": "Improper following of a certificate\u0027s chain of trust\u202fin ESET security products",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4a9b9929-2450-4021-b7b9-469a0255b215",
        "assignerShortName": "ESET",
        "cveId": "CVE-2023-5594",
        "datePublished": "2023-12-21T11:30:41.256Z",
        "dateReserved": "2023-10-16T08:12:50.985Z",
        "dateUpdated": "2024-08-02T08:07:32.481Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }