ESET has successfully addressed a significant vulnerability (CVE-2023-5594, CVSS score 7.5) affecting its Secure Traffic Scanning Feature, found in multiple ESET products. This vulnerability had the potential to manipulate web browsers into trusting websites using certificates signed with outdated and insecure algorithms, posing a security risk.
The flaw was associated with the SSL/TLS protocol scanning feature implemented in ESET products. The improper validation of the server’s certificate chain allowed an intermediate certificate signed with the MD5 or SHA1 algorithm to be considered trusted. Consequently, browsers on systems with ESET’s secure traffic scanning feature enabled could be misled into trusting a site secured with such a certificate.
ESET responded promptly by releasing security patches for a range of affected products, including ESET NOD32 Antivirus, ESET Internet Security, ESET Smart Security Premium, ESET Security Ultimate, ESET Endpoint Antivirus for Windows, ESET Endpoint Security for Windows, ESET Endpoint Antivirus for Linux (version 10.0 and above), and more. Notably, the security company is not aware of any attacks in the wild exploiting this vulnerability.
The remediation effort involved releasing the Internet protection module 1464, distributed through automatic product updates. By addressing this flaw, ESET aims to ensure the continued security of its products and protect users from potential risks associated with outdated certificate algorithms that could compromise the trustworthiness of websites.
Reference
