Certifi
CVE-2023-37920
CRITICAL
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1Blast Radius
ecosystem impact- 3 pypi packages depend on certifi (3 direct, 0 indirect)
Ecosystem-wide dependent count for version 2015.4.28.
DescriptionNVD
Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi prior to version 2023.07.22 recognizes "e-Tugra" root certificates. e-Tugra's root certificates were subject to an investigation prompted by reporting of security issues in their systems. Certifi 2023.07.22 removes root certificates from "e-Tugra" from the root store.
AnalysisAI
Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Technical ContextAI
This vulnerability is classified under CWE-345. Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi prior to version 2023.07.22 recognizes "e-Tugra" root certificates. e-Tugra's root certificates were subject to an investigation prompted by reporting of security issues in their systems. Certifi 2023.07.22 removes root certificates from "e-Tugra" from the root store. Affected products include: Certifi, Fedoraproject Fedora, Netapp Active Iq Unified Manager, Netapp Management Services For Element Software, Netapp Management Services For Netapp Hci. Version information: version 2023.07.22.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verify
Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verify
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today