ESET fixed a high-severity flaw in its Secure Traffic Scanning Feature that could have been exploited to cause web browsers to trust sites that should not be trusted.
ESET has addressed a vulnerability (CVE-2023-5594, CVSS score 7.5) in the Secure Traffic Scanning Feature, preventing potential exploitation that could lead web browsers to trust websites using certificates signed with outdated and insecure algorithms.
The issue resides in the SSL/TLS protocol scanning feature implemented in ESET products.
“ESET was made aware of a vulnerability in its SSL/TLS protocol scanning feature, which is available in ESET products listed in the Affected products section below. This vulnerability would cause a browser to trust a site with a certificate signed with an obsolete algorithm that should not be trusted,” reads the advisory.
The root cause of the problem was the improper validation of the server’s certificate chain.
“An intermediate certificate signed using the MD5 or SHA1 algorithm was considered trusted, and thus the browser on a system with the ESET secure traffic scanning feature enabled could be caused to trust a site secured with such a certificate,” continues the advisory.
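The kind of chain check described above can be sketched as follows. This is an added example, not ESET's code or part of the advisory: it reads the signatureAlgorithm OID from each DER certificate in a chain and reports the ones signed with MD5 or SHA-1. The function names, the leaf-first chain ordering and the skeleton sample certificates are assumptions made for the illustration.

```python
# Signature algorithm OIDs built on MD5 or SHA-1, the hashes named in the advisory.
WEAK_SIG_OIDS = {
    "1.2.840.113549.1.1.4": "md5WithRSAEncryption",
    "1.2.840.113549.1.1.5": "sha1WithRSAEncryption",
    "1.2.840.10040.4.3": "dsa-with-sha1",
    "1.2.840.10045.4.1": "ecdsa-with-SHA1",
}

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length bytes that follow
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def decode_oid(body):
    """Decode a DER OBJECT IDENTIFIER body into dotted form."""
    arcs, val = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:  # base-128 arcs, high bit set on all but the last byte
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))

def signature_oid(cert_der):
    """OID from the outer signatureAlgorithm field of a DER X.509 certificate."""
    _, cert, _ = read_tlv(cert_der, 0)   # Certificate ::= SEQUENCE
    _, _, pos = read_tlv(cert, 0)        # skip tbsCertificate
    _, alg, _ = read_tlv(cert, pos)      # AlgorithmIdentifier ::= SEQUENCE
    tag, oid, _ = read_tlv(alg, 0)
    if tag != 0x06:
        raise ValueError("expected OBJECT IDENTIFIER")
    return decode_oid(oid)

def weak_links(chain):
    """chain is leaf first, trust anchor last (assumption); the anchor is skipped
    because its self-signature is not what makes it trusted."""
    oids = [signature_oid(der) for der in chain[:-1]]
    return [(i, WEAK_SIG_OIDS[o]) for i, o in enumerate(oids) if o in WEAK_SIG_OIDS]

def skeleton_cert(alg):
    """Constructed stand-in, not a real certificate: empty tbsCertificate and
    signature, RSA signature OID 1.2.840.113549.1.1.<alg>."""
    return bytes.fromhex("30143000300d06092a864886f70d0101%02x0500030100" % alg)

# Constructed chain: SHA-256 leaf, SHA-1 intermediate, MD5 root (the root is ignored).
SAMPLE_CHAIN = [skeleton_cert(11), skeleton_cert(5), skeleton_cert(4)]
```

For real certificates, `ssl.PEM_cert_to_DER_cert` from the Python standard library converts each PEM block into the DER bytes these functions expect.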
The security firm released security patches for several products. ESET is not aware of attacks in the wild that exploited this flaw.
Below is the list of affected products:
- ESET NOD32 Antivirus, ESET Internet Security, ESET Smart Security Premium, ESET Security Ultimate
- ESET Endpoint Antivirus for Windows and ESET Endpoint Security for Windows
- ESET Endpoint Antivirus for Linux 10.0 and above
- ESET Server Security for Windows Server (File Security for Microsoft Windows Server), ESET Mail Security for Microsoft Exchange Server, ESET Mail Security for IBM Domino, ESET Security for Microsoft SharePoint Server, ESET File Security for Microsoft Azure
- ESET Server Security for Linux 10.1 and above
The security firm addressed the issue with the release of the Internet protection module 1464, which is being distributed via automatic product updates.
(SecurityAffairs – hacking, Secure Traffic Scanning Feature)