Endpoint Antivirus
CVE-2023-5594
HIGH
Severity by source
AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
Lifecycle Timeline
1DescriptionNVD
Improper validation of the server’s certificate chain in secure traffic scanning feature considered intermediate certificate signed using the MD5 or SHA1 algorithm as trusted.
AnalysisAI
Improper validation of the server’s certificate chain in secure traffic scanning feature considered intermediate certificate signed using the MD5 or SHA1 algorithm as trusted. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-295. Improper validation of the server’s certificate chain in secure traffic scanning feature considered intermediate certificate signed using the MD5 or SHA1 algorithm as trusted. Affected products include: Eset Endpoint Antivirus, Eset Endpoint Security, Eset File Security, Eset Internet Security, Eset Mail Security.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Endpoint Antivirus
View allLocal privilege escalation vulnerability potentially allowed an attacker to misuse ESET’s file operations to delete file
The esets_daemon service in ESET Endpoint Antivirus for macOS before 6.4.168.0 and Endpoint Security for macOS before 6.
The vulnerability potentially allows an attacker to misuse ESET’s file operations during the module update to delete or
During internal security analysis, a local privilege escalation vulnerability has been identified. Rated high severity (
ESET Antivirus and Antispyware Module module 1553 through 1560 allows a user with limited access rights to create hard l
ESET Cyber Security 6.7.900.0 for macOS allows a local attacker to execute unauthorized commands as root by abusing an u
Use-after-free in eset_rtp kernel module used in ESET products for Linux allows potential attacker to trigger denial-of-
Privilege escalation vulnerability in Windows products of ESET, spol. Rated high severity (CVSS 7.1), this vulnerability
Denial of service vulnerability present shortly after product installation or upgrade, potentially allowed an attacker t
ESET was made aware of a vulnerability in its consumer and business products for macOS that enables a user logged on to
Same weakness CWE-295 – Improper Certificate Validation
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today