How severe is CVE-2023-6058?

This vulnerability has a severity rating of HIGH with a CVSS score of 6.8 out of 10.

What type of vulnerability is CVE-2023-6058?

This is classified as CWE-295, which is a common weakness in software security.

CVE-2023-6058 - HIGH Severity | CVSS 6.8

Vulnerability Description

A vulnerability has been identified in Bitdefender Safepay's handling of HTTPS connections. The issue arises when the product blocks a connection due to an untrusted server certificate but allows the user to add the site to exceptions, resulting in the product trusting the certificate for subsequent HTTPS scans. This vulnerability allows an attacker to perform a Man-in-the-Middle (MITM) attack by using a self-signed certificate, which the product will trust after the site has been added to exceptions. This can lead to the interception and potential alteration of secure communications.

Related Vulnerabilities

CVE-2006-7246

MEDIUM

CVSS:6.8(Medium)

NetworkManager 0.9.x does not pin a certificate's subject to an ESSID when 802.11X authentication is used.

CWE-2952006

CVE-2015-4100

MEDIUM

CVSS:6.8(Medium)

Puppet Enterprise 3.7.x and 3.8.0 might allow remote authenticated users to manage certificates for arbitrary nodes by leveraging a client certificate trusted by the master, aka a "Certificate Authori...

CWE-2952015

CVE-2017-3182

MEDIUM

CVSS:6.8(Medium)

On the iOS platform, the ThreatMetrix SDK versions prior to 3.2 fail to validate SSL certificates provided by HTTPS connections, which may allow an attacker to perform a man-in-the-middle (MITM) attac...

CWE-2952017

CVE-2018-12205

MEDIUM

CVSS:6.8(Medium)

Improper certificate validation in Platform Sample/ Silicon Reference firmware for 8th Generation Intel(R) Core(tm) Processor, 7th Generation Intel(R) Core(tm) Processor may allow an unauthenticated u...

CWE-2952018

CVE-2018-16261

MEDIUM

CVSS:6.8(Medium)

In Pulse Secure Pulse Desktop Client 5.3RX before 5.3R5 and 9.0R1, there is a Privilege Escalation Vulnerability with Dynamic Certificate Trust.

CWE-2952018

CVE-2019-3814

MEDIUM

CVSS:6.8(Medium)

It was discovered that Dovecot before versions 2.2.36.1 and 2.3.4.1 incorrectly handled client certificates. A remote attacker in possession of a valid certificate with an empty username field could p...

CWE-2952019