ESET has released patches for several of its endpoint and server security products to address a high-severity vulnerability that could have been exploited to cause web browsers to trust sites that should not be trusted.
The flaw, tracked as CVE-2023-5594, affected the SSL/TLS protocol scanning feature present in ESET products.
It could have caused browsers to trust websites with certificates signed with outdated and insecure algorithms.
Patches have been rolling out via automatic product updates since November 21 - no user interaction is required to install the fix.
The vulnerability was reported to ESET by an individual who wished to remain anonymous.
The cybersecurity firm says it's not aware of any attacks exploiting this vulnerability.
This Cyber News was published on www.securityweek.com. Publication date: Thu, 21 Dec 2023 13:43:05 +0000