CVE-2023-5594
Improper following of a certificate's chain of trust in ESET security products
Severity Score
8.6
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Improper validation of the server’s certificate chain in the secure traffic scanning feature caused an intermediate certificate signed using the MD5 or SHA1 algorithm to be considered trusted.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2023-10-16 CVE Reserved
- 2023-12-21 CVE Published
- 2024-08-02 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-295: Improper Certificate Validation
CAPEC
- CAPEC-94: Adversary in the Middle (AiTM)
References (1)
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Eset | Endpoint Antivirus | >= 10.0 | linux | Affected |
Eset | Endpoint Antivirus | - | windows | Affected |
Eset | Endpoint Security | - | windows | Affected |
Eset | File Security | - | azure | Affected |
Eset | Internet Security | - | - | Affected |
Eset | Mail Security | - | domino | Affected |
Eset | Mail Security | - | exchange_server | Affected |
Eset | Nod32 Antivirus | - | - | Affected |
Eset | Security | - | sharepoint_server | Affected |
Eset | Security | - | ultimate | Affected |
Eset | Server Security | >= 10.1 | linux | Affected |
Eset | Server Security | - | windows_server | Affected |
Eset | Smart Security | - | premium | Affected |