CVE-2023-5594

Improper validation of the server’s certificate chain in secure traffic scanning feature considered intermediate certificate signed using the MD5 or SHA1 algorithm as trusted.

Published: Dec 21, 2023
Updated: Jan 5, 2024
CVE: CVE-2023-5594
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.6
AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N

CWEs:

CWE-295

OWASP TOP 10:

A3 - Sensitive Data Exposure

Affected Software
References

Software	From	Fixed in
eset / server_security	10.1	10.1.x
eset / endpoint_antivirus	10.0	10.0.x

https://support.eset.com/en/ca8562-eset-customer-advisory-improper-following-of-a-certificates-chain-of-trust-in-eset-security-products-fixed

Vulnerability Database

CVE-2023-5594