Skip to main content

Endpoint Antivirus CVE-2023-5594

HIGH
Improper Certificate Validation (CWE-295)
2023-12-21 security@eset.com
8.6
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.6 HIGH
AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Changed
Confidentiality
None
Integrity
High
Availability
None

Lifecycle Timeline

1
CVE Published
Dec 21, 2023 - 12:15 nvd
HIGH 8.6

DescriptionNVD

Improper validation of the server’s certificate chain in secure traffic scanning feature considered intermediate certificate signed using the MD5 or SHA1 algorithm as trusted.

AnalysisAI

Improper validation of the server’s certificate chain in secure traffic scanning feature considered intermediate certificate signed using the MD5 or SHA1 algorithm as trusted. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-295. Improper validation of the server’s certificate chain in secure traffic scanning feature considered intermediate certificate signed using the MD5 or SHA1 algorithm as trusted. Affected products include: Eset Endpoint Antivirus, Eset Endpoint Security, Eset File Security, Eset Internet Security, Eset Mail Security.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2024-0353 HIGH POC
7.8 Feb 15

Local privilege escalation vulnerability potentially allowed an attacker to misuse ESET’s file operations to delete file

CVE-2016-9892 MEDIUM POC
5.9 Mar 02

The esets_daemon service in ESET Endpoint Antivirus for macOS before 6.4.168.0 and Endpoint Security for macOS before 6.

CVE-2023-3160 HIGH
7.8 Aug 14

The vulnerability potentially allows an attacker to misuse ESET’s file operations during the module update to delete or

CVE-2023-2847 HIGH
7.8 Jun 15

During internal security analysis, a local privilege escalation vulnerability has been identified. Rated high severity (

CVE-2020-11446 HIGH
7.8 Apr 29

ESET Antivirus and Antispyware Module module 1553 through 1560 allows a user with limited access rights to create hard l

CVE-2019-16519 HIGH
7.8 Oct 14

ESET Cyber Security 6.7.900.0 for macOS allows a local attacker to execute unauthorized commands as root by abusing an u

CVE-2022-0615 HIGH
7.5 Feb 25

Use-after-free in eset_rtp kernel module used in ESET products for Linux allows potential attacker to trigger denial-of-

CVE-2022-27167 HIGH
7.1 May 10

Privilege escalation vulnerability in Windows products of ESET, spol. Rated high severity (CVSS 7.1), this vulnerability

CVE-2024-3779 MEDIUM
5.5 Jul 16

Denial of service vulnerability present shortly after product installation or upgrade, potentially allowed an attacker t

CVE-2021-37850 MEDIUM
5.5 Nov 08

ESET was made aware of a vulnerability in its consumer and business products for macOS that enables a user logged on to

Share

CVE-2023-5594 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy