Common Weakness Enumeration

CWE-295

Allowed

Improper Certificate Validation

Abstraction: Base · Status: Draft

The product does not validate, or incorrectly validates, a certificate.

1906 vulnerabilities reference this CWE, most recent first.

CVE-2024-4063 (GCVE-0-2024-4063)

Vulnerability from cvelistv5 – Published: 2024-04-23 18:31 – Updated: 2024-08-01 20:26
VLAI
Title
EZVIZ CS-C6-21WFR-8 Davinci Application certificate validation
Summary
A vulnerability was found in EZVIZ CS-C6-21WFR-8 5.2.7 Build 170628. It has been classified as problematic. This affects an unknown part of the component Davinci Application. The manipulation leads to improper certificate validation. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The identifier VDB-261789 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-295 - Improper Certificate Validation
Assigner
References
Impacted products
Vendor Product Version
EZVIZ CS-C6-21WFR-8 Affected: 5.2.7 Build 170628
Create a notification for this product.
ezviz cs-c6-21wfr-8 Affected: 5.2.7
    cpe:2.3:a:ezviz:cs-c6-21wfr-8:5.2.7:*:*:*:*:*:*:*
Create a notification for this product.
Credits
kaizheng (VulDB User)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:ezviz:cs-c6-21wfr-8:5.2.7:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "cs-c6-21wfr-8",
            "vendor": "ezviz",
            "versions": [
              {
                "status": "affected",
                "version": "5.2.7"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-4063",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-04-30T16:08:22.532135Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:53:15.329Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T20:26:57.287Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "VDB-261789 | EZVIZ CS-C6-21WFR-8 Davinci Application certificate validation",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?id.261789"
          },
          {
            "name": "VDB-261789 | CTI Indicators (IOB, IOC, TTP)",
            "tags": [
              "signature",
              "permissions-required",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?ctiid.261789"
          },
          {
            "name": "Submit #316408 | EZVIZ Camera model: CS-C6-21WFR-8, firmware: V5.2.7 build 170628 Improper Certificate Validation",
            "tags": [
              "third-party-advisory",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?submit.316408"
          },
          {
            "tags": [
              "related",
              "x_transferred"
            ],
            "url": "https://github.com/kzLiu2017/CVE_Document/blob/main/CVE_%20advisory_ezviz.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "modules": [
            "Davinci Application"
          ],
          "product": "CS-C6-21WFR-8",
          "vendor": "EZVIZ",
          "versions": [
            {
              "status": "affected",
              "version": "5.2.7 Build 170628"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "kaizheng (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was found in EZVIZ CS-C6-21WFR-8 5.2.7 Build 170628. It has been classified as problematic. This affects an unknown part of the component Davinci Application. The manipulation leads to improper certificate validation. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The identifier VDB-261789 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
        },
        {
          "lang": "de",
          "value": "Es wurde eine Schwachstelle in EZVIZ CS-C6-21WFR-8 5.2.7 Build 170628 ausgemacht. Sie wurde als problematisch eingestuft. Betroffen hiervon ist ein unbekannter Ablauf der Komponente Davinci Application. Dank der Manipulation mit unbekannten Daten kann eine improper certificate validation-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Sie ist schwierig auszunutzen."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 2.6,
            "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-295",
              "description": "CWE-295 Improper Certificate Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-04-23T18:31:05.822Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-261789 | EZVIZ CS-C6-21WFR-8 Davinci Application certificate validation",
          "tags": [
            "vdb-entry"
          ],
          "url": "https://vuldb.com/?id.261789"
        },
        {
          "name": "VDB-261789 | CTI Indicators (IOB, IOC, TTP)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.261789"
        },
        {
          "name": "Submit #316408 | EZVIZ Camera model: CS-C6-21WFR-8, firmware: V5.2.7 build 170628 Improper Certificate Validation",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.316408"
        },
        {
          "tags": [
            "related"
          ],
          "url": "https://github.com/kzLiu2017/CVE_Document/blob/main/CVE_%20advisory_ezviz.pdf"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-04-23T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2024-04-23T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2024-04-23T15:12:31.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "EZVIZ CS-C6-21WFR-8 Davinci Application certificate validation"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2024-4063",
    "datePublished": "2024-04-23T18:31:05.822Z",
    "dateReserved": "2024-04-23T13:06:53.616Z",
    "dateUpdated": "2024-08-01T20:26:57.287Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-4062 (GCVE-0-2024-4062)

Vulnerability from cvelistv5 – Published: 2024-04-23 18:31 – Updated: 2024-08-01 20:26
VLAI
Title
Hualai Xiaofang iSC5 certificate validation
Summary
A vulnerability was found in Hualai Xiaofang iSC5 3.2.2_112 and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to improper certificate validation. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The identifier of this vulnerability is VDB-261788. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-295 - Improper Certificate Validation
Assigner
References
Impacted products
Vendor Product Version
Hualai Xiaofang iSC5 Affected: 3.2.2_112
Create a notification for this product.
hualai isc5 Affected: 3.2.2_112
    cpe:2.3:a:hualai:isc5:3.2.2_112:*:*:*:*:*:*:*
Create a notification for this product.
Credits
kaizheng (VulDB User)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:hualai:isc5:3.2.2_112:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "isc5",
            "vendor": "hualai",
            "versions": [
              {
                "status": "affected",
                "version": "3.2.2_112"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-4062",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-20T16:06:02.910255Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:53:37.617Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T20:26:57.294Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "VDB-261788 | Hualai Xiaofang iSC5 certificate validation",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?id.261788"
          },
          {
            "name": "VDB-261788 | CTI Indicators (IOB, IOC, TTP)",
            "tags": [
              "signature",
              "permissions-required",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?ctiid.261788"
          },
          {
            "name": "Submit #316407 | Hualai Camera model: iSC5, firmware: 3.2.2_112 Improper Certificate Validation",
            "tags": [
              "third-party-advisory",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?submit.316407"
          },
          {
            "tags": [
              "related",
              "x_transferred"
            ],
            "url": "https://github.com/kzLiu2017/CVE_Document/blob/main/Hualai_Xiaofang_camera.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "iSC5",
          "vendor": "Hualai Xiaofang",
          "versions": [
            {
              "status": "affected",
              "version": "3.2.2_112"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "kaizheng (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was found in Hualai Xiaofang iSC5 3.2.2_112 and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to improper certificate validation. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The identifier of this vulnerability is VDB-261788. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
        },
        {
          "lang": "de",
          "value": "Eine Schwachstelle wurde in Hualai Xiaofang iSC5 3.2.2_112 gefunden. Sie wurde als problematisch eingestuft. Betroffen davon ist ein unbekannter Prozess. Durch Beeinflussen mit unbekannten Daten kann eine improper certificate validation-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Sie ist schwierig ausnutzbar."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 2.6,
            "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-295",
              "description": "CWE-295 Improper Certificate Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-04-23T18:31:04.417Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-261788 | Hualai Xiaofang iSC5 certificate validation",
          "tags": [
            "vdb-entry"
          ],
          "url": "https://vuldb.com/?id.261788"
        },
        {
          "name": "VDB-261788 | CTI Indicators (IOB, IOC, TTP)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.261788"
        },
        {
          "name": "Submit #316407 | Hualai Camera model: iSC5, firmware: 3.2.2_112 Improper Certificate Validation",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.316407"
        },
        {
          "tags": [
            "related"
          ],
          "url": "https://github.com/kzLiu2017/CVE_Document/blob/main/Hualai_Xiaofang_camera.pdf"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-04-23T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2024-04-23T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2024-04-23T15:03:03.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "Hualai Xiaofang iSC5 certificate validation"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2024-4062",
    "datePublished": "2024-04-23T18:31:04.417Z",
    "dateReserved": "2024-04-23T12:57:42.407Z",
    "dateUpdated": "2024-08-01T20:26:57.294Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-3738 (GCVE-0-2024-3738)

Vulnerability from cvelistv5 – Published: 2024-04-13 17:31 – Updated: 2024-09-03 17:59
VLAI
Title
cym1102 nginxWebUI saveCmd handlePath certificate validation
Summary
A vulnerability classified as critical has been found in cym1102 nginxWebUI up to 3.9.9. This affects the function handlePath of the file /adminPage/conf/saveCmd. The manipulation of the argument nginxPath leads to improper certificate validation. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-260577 was assigned to this vulnerability.
SSVC
Exploitation: poc Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-295 - Improper Certificate Validation
Assigner
References
Impacted products
Vendor Product Version
cym1102 nginxWebUI Affected: 3.9.0
Affected: 3.9.1
Affected: 3.9.2
Affected: 3.9.3
Affected: 3.9.4
Affected: 3.9.5
Affected: 3.9.6
Affected: 3.9.7
Affected: 3.9.8
Affected: 3.9.9
Create a notification for this product.
nginxui nginx_ui Affected: 3.9.0
Affected: 3.9.1
Affected: 3.9.2
Affected: 3.9.3
Affected: 3.9.4
Affected: 3.9.5
Affected: 3.9.6
Affected: 3.9.7
Affected: 3.9.8
Affected: 3.9.9
    cpe:2.3:a:nginxui:nginx_ui:*:*:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T20:20:00.901Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "VDB-260577 | cym1102 nginxWebUI saveCmd handlePath certificate validation",
            "tags": [
              "vdb-entry",
              "technical-description",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?id.260577"
          },
          {
            "name": "VDB-260577 | CTI Indicators (IOB, IOC, TTP, IOA)",
            "tags": [
              "signature",
              "permissions-required",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?ctiid.260577"
          },
          {
            "tags": [
              "issue-tracking",
              "x_transferred"
            ],
            "url": "https://github.com/cym1102/nginxWebUI/issues/138"
          },
          {
            "tags": [
              "exploit",
              "x_transferred"
            ],
            "url": "https://github.com/cym1102/nginxWebUI/files/14818455/nginxwebui.rce.3.9.9.pdf"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:nginxui:nginx_ui:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "nginx_ui",
            "vendor": "nginxui",
            "versions": [
              {
                "status": "affected",
                "version": "3.9.0"
              },
              {
                "status": "affected",
                "version": "3.9.1"
              },
              {
                "status": "affected",
                "version": "3.9.2"
              },
              {
                "status": "affected",
                "version": "3.9.3"
              },
              {
                "status": "affected",
                "version": "3.9.4"
              },
              {
                "status": "affected",
                "version": "3.9.5"
              },
              {
                "status": "affected",
                "version": "3.9.6"
              },
              {
                "status": "affected",
                "version": "3.9.7"
              },
              {
                "status": "affected",
                "version": "3.9.8"
              },
              {
                "status": "affected",
                "version": "3.9.9"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-3738",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-03T17:53:20.526229Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-03T17:59:26.886Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "nginxWebUI",
          "vendor": "cym1102",
          "versions": [
            {
              "status": "affected",
              "version": "3.9.0"
            },
            {
              "status": "affected",
              "version": "3.9.1"
            },
            {
              "status": "affected",
              "version": "3.9.2"
            },
            {
              "status": "affected",
              "version": "3.9.3"
            },
            {
              "status": "affected",
              "version": "3.9.4"
            },
            {
              "status": "affected",
              "version": "3.9.5"
            },
            {
              "status": "affected",
              "version": "3.9.6"
            },
            {
              "status": "affected",
              "version": "3.9.7"
            },
            {
              "status": "affected",
              "version": "3.9.8"
            },
            {
              "status": "affected",
              "version": "3.9.9"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability classified as critical has been found in cym1102 nginxWebUI up to 3.9.9. This affects the function handlePath of the file /adminPage/conf/saveCmd. The manipulation of the argument nginxPath leads to improper certificate validation. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-260577 was assigned to this vulnerability."
        },
        {
          "lang": "de",
          "value": "Es wurde eine Schwachstelle in cym1102 nginxWebUI bis 3.9.9 entdeckt. Sie wurde als kritisch eingestuft. Es geht dabei um die Funktion handlePath der Datei /adminPage/conf/saveCmd. Durch das Beeinflussen des Arguments nginxPath mit unbekannten Daten kann eine improper certificate validation-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 7.5,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-295",
              "description": "CWE-295 Improper Certificate Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-04-13T17:31:04.866Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-260577 | cym1102 nginxWebUI saveCmd handlePath certificate validation",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.260577"
        },
        {
          "name": "VDB-260577 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.260577"
        },
        {
          "tags": [
            "issue-tracking"
          ],
          "url": "https://github.com/cym1102/nginxWebUI/issues/138"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://github.com/cym1102/nginxWebUI/files/14818455/nginxwebui.rce.3.9.9.pdf"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-04-12T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2024-04-12T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2024-04-12T21:38:53.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "cym1102 nginxWebUI saveCmd handlePath certificate validation"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2024-3738",
    "datePublished": "2024-04-13T17:31:04.866Z",
    "dateReserved": "2024-04-12T19:33:35.237Z",
    "dateUpdated": "2024-09-03T17:59:26.886Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-2048 (GCVE-0-2024-2048)

Vulnerability from cvelistv5 – Published: 2024-03-04 19:56 – Updated: 2025-02-13 17:32
VLAI
Title
Vault Cert Auth Method Did Not Correctly Validate Non-CA Certificates
Summary
Vault and Vault Enterprise (“Vault”) TLS certificate auth method did not correctly validate client certificates when configured with a non-CA certificate as trusted certificate. In this configuration, an attacker may be able to craft a malicious certificate that could be used to bypass authentication. Fixed in Vault 1.15.5 and 1.14.10.
SSVC
Exploitation: poc Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-295 - Improper Certificate Validation
Assigner
Impacted products
Vendor Product Version
HashiCorp Vault Affected: 1.15.5 , < 1.16.0 (semver)
Create a notification for this product.
HashiCorp Vault Enterprise Affected: 1.15.5 , < 1.16.0 (semver)
Create a notification for this product.
hashicorp vault Affected: 1.15.5 , < 1.16.0 (custom)
    cpe:2.3:a:hashicorp:vault:1.15.5:*:*:*:*:*:*:*
Create a notification for this product.
hashicorp vault_enterprise Affected: 1.15.5 , < 1.16.0 (custom)
    cpe:2.3:a:hashicorp:vault_enterprise:1.15.5:*:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T19:03:37.841Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://discuss.hashicorp.com/t/hcsec-2024-05-vault-cert-auth-method-did-not-correctly-validate-non-ca-certificates/63382"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20240524-0009/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:hashicorp:vault:1.15.5:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "vault",
            "vendor": "hashicorp",
            "versions": [
              {
                "lessThan": "1.16.0",
                "status": "affected",
                "version": "1.15.5",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:hashicorp:vault_enterprise:1.15.5:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "vault_enterprise",
            "vendor": "hashicorp",
            "versions": [
              {
                "lessThan": "1.16.0",
                "status": "affected",
                "version": "1.15.5",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-2048",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-03-05T15:35:21.923628Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-08T15:18:54.316Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "64 bit",
            "32 bit",
            "x86",
            "ARM",
            "MacOS",
            "Windows",
            "Linux"
          ],
          "product": "Vault",
          "repo": "https://github.com/hashicorp/vault",
          "vendor": "HashiCorp",
          "versions": [
            {
              "changes": [
                {
                  "at": "1.14.10",
                  "status": "unaffected"
                }
              ],
              "lessThan": "1.16.0",
              "status": "affected",
              "version": "1.15.5",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "64 bit",
            "32 bit",
            "x86",
            "ARM",
            "MacOS",
            "Windows",
            "Linux"
          ],
          "product": "Vault Enterprise",
          "repo": "https://github.com/hashicorp/vault",
          "vendor": "HashiCorp",
          "versions": [
            {
              "changes": [
                {
                  "at": "1.14.10",
                  "status": "unaffected"
                }
              ],
              "lessThan": "1.16.0",
              "status": "affected",
              "version": "1.15.5",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eVault and Vault Enterprise (\u201cVault\u201d) TLS certificate auth method did not correctly validate client certificates when configured with a non-CA certificate as trusted certificate. In this configuration, an attacker may be able to craft a malicious certificate that could be used to bypass authentication. Fixed in Vault 1.15.5 and 1.14.10.\u003c/p\u003e\u003cbr/\u003e"
            }
          ],
          "value": "Vault and Vault Enterprise (\u201cVault\u201d) TLS certificate auth method did not correctly validate client certificates when configured with a non-CA certificate as trusted certificate. In this configuration, an attacker may be able to craft a malicious certificate that could be used to bypass authentication. Fixed in Vault 1.15.5 and 1.14.10."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-115",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-115: Authentication Bypass"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-295",
              "description": "CWE-295: Improper Certificate Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-10T16:10:19.447Z",
        "orgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc",
        "shortName": "HashiCorp"
      },
      "references": [
        {
          "url": "https://discuss.hashicorp.com/t/hcsec-2024-05-vault-cert-auth-method-did-not-correctly-validate-non-ca-certificates/63382"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20240524-0009/"
        }
      ],
      "source": {
        "advisory": "HCSEC-2024-05",
        "discovery": "EXTERNAL"
      },
      "title": "Vault Cert Auth Method Did Not Correctly Validate Non-CA Certificates"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc",
    "assignerShortName": "HashiCorp",
    "cveId": "CVE-2024-2048",
    "datePublished": "2024-03-04T19:56:47.253Z",
    "dateReserved": "2024-03-01T00:03:34.034Z",
    "dateUpdated": "2025-02-13T17:32:32.417Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-1351 (GCVE-0-2024-1351)

Vulnerability from cvelistv5 – Published: 2024-03-07 16:10 – Updated: 2025-02-13 17:27
VLAI
Title
MongoDB Server may allow successful untrusted connection
Summary
Under certain configurations of --tlsCAFile and tls.CAFile, MongoDB Server may skip peer certificate validation which may result in untrusted connections to succeed. This may effectively reduce the security guarantees provided by TLS and open connections that should have been closed due to failing certificate validation. This issue affects MongoDB Server v7.0 versions prior to and including 7.0.5, MongoDB Server v6.0 versions prior to and including 6.0.13, MongoDB Server v5.0 versions prior to and including 5.0.24 and MongoDB Server v4.4 versions prior to and including 4.4.28. Required Configuration : A server process will allow incoming connections to skip peer certificate validation if the server process was started with TLS enabled (net.tls.mode set to allowTLS, preferTLS, or requireTLS) and without a net.tls.CAFile configured.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-295 - Improper Certificate Validation
Assigner
Impacted products
Vendor Product Version
MongoDB Inc MongoDB Server Affected: 7.0 , ≤ 7.0.5 (custom)
Affected: 6.0 , ≤ 6.0.13 (custom)
Affected: 5.0 , ≤ 5.0.24 (custom)
Affected: 4.4 , ≤ 4.4.28 (custom)
Create a notification for this product.
mongodb mongodb Affected: 7.0 , ≤ 7.0.5 (custom)
Affected: 6.0 , ≤ 6.0.13 (custom)
Affected: 5.0 , ≤ 5.0.24 (custom)
Affected: 4.4 , ≤ 4.4.28 (custom)
    cpe:2.3:a:mongodb:mongodb:*:*:*:*:*:*:*:*
Create a notification for this product.
Date Public
2024-02-29 09:31
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T18:33:25.588Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://jira.mongodb.org/browse/SERVER-72839"
          },
          {
            "tags": [
              "release-notes",
              "x_transferred"
            ],
            "url": "https://www.mongodb.com/docs/v5.0/release-notes/5.0/#5.0.25---february-28--2024"
          },
          {
            "tags": [
              "release-notes",
              "x_transferred"
            ],
            "url": "https://www.mongodb.com/docs/v6.0/release-notes/6.0/#6.0.14---feb-28--2024"
          },
          {
            "tags": [
              "release-notes",
              "x_transferred"
            ],
            "url": "https://www.mongodb.com/docs/manual/release-notes/7.0/#7.0.6---feb-28--2024"
          },
          {
            "tags": [
              "release-notes",
              "x_transferred"
            ],
            "url": "https://www.mongodb.com/docs/manual/release-notes/4.4/#4.4.29---february-28--2024"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20240524-0010/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:mongodb:mongodb:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "mongodb",
            "vendor": "mongodb",
            "versions": [
              {
                "lessThanOrEqual": "7.0.5",
                "status": "affected",
                "version": "7.0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "6.0.13",
                "status": "affected",
                "version": "6.0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "5.0.24",
                "status": "affected",
                "version": "5.0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "4.4.28",
                "status": "affected",
                "version": "4.4",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-1351",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-03-07T18:56:20.004972Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-15T17:06:22.918Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "MongoDB Server",
          "vendor": "MongoDB Inc",
          "versions": [
            {
              "lessThanOrEqual": "7.0.5",
              "status": "affected",
              "version": "7.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "6.0.13",
              "status": "affected",
              "version": "6.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "5.0.24",
              "status": "affected",
              "version": "5.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "4.4.28",
              "status": "affected",
              "version": "4.4",
              "versionType": "custom"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A server process will allow incoming connections to skip peer certificate validation if the server process was started with TLS enabled (net.tls.mode set to allowTLS, preferTLS, or requireTLS) and without a net.tls.CAFile configured.\u003cbr\u003e"
            }
          ],
          "value": "A server process will allow incoming connections to skip peer certificate validation if the server process was started with TLS enabled (net.tls.mode set to allowTLS, preferTLS, or requireTLS) and without a net.tls.CAFile configured."
        }
      ],
      "datePublic": "2024-02-29T09:31:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eUnder certain configurations of --tlsCAFile and tls.CAFile, MongoDB Server may skip peer certificate validation which may result in untrusted connections to succeed. This may effectively reduce the security guarantees provided by TLS and open connections  that should have been closed due to failing certificate validation. This issue affects MongoDB Server v7.0 versions prior to and including 7.0.5, MongoDB Server v6.0 versions prior to and including 6.0.13, MongoDB Server v5.0 versions prior to and including 5.0.24 and MongoDB Server v4.4 versions prior to and including 4.4.28.\u003c/p\u003e\u003cp\u003eRequired Configuration : A server process will allow incoming connections to skip peer certificate validation if the server process was started with TLS enabled (net.tls.mode set to allowTLS, preferTLS, or requireTLS) and without a net.tls.CAFile configured.\u003c/p\u003e"
            }
          ],
          "value": "Under certain configurations of --tlsCAFile and tls.CAFile, MongoDB Server may skip peer certificate validation which may result in untrusted connections to succeed. This may effectively reduce the security guarantees provided by TLS and open connections  that should have been closed due to failing certificate validation. This issue affects MongoDB Server v7.0 versions prior to and including 7.0.5, MongoDB Server v6.0 versions prior to and including 6.0.13, MongoDB Server v5.0 versions prior to and including 5.0.24 and MongoDB Server v4.4 versions prior to and including 4.4.28.\n\nRequired Configuration : A server process will allow incoming connections to skip peer certificate validation if the server process was started with TLS enabled (net.tls.mode set to allowTLS, preferTLS, or requireTLS) and without a net.tls.CAFile configured."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-295",
              "description": "CWE-295: Improper Certificate Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-10T16:11:00.782Z",
        "orgId": "a39b4221-9bd0-4244-95fc-f3e2e07f1deb",
        "shortName": "mongodb"
      },
      "references": [
        {
          "url": "https://jira.mongodb.org/browse/SERVER-72839"
        },
        {
          "tags": [
            "release-notes"
          ],
          "url": "https://www.mongodb.com/docs/v5.0/release-notes/5.0/#5.0.25---february-28--2024"
        },
        {
          "tags": [
            "release-notes"
          ],
          "url": "https://www.mongodb.com/docs/v6.0/release-notes/6.0/#6.0.14---feb-28--2024"
        },
        {
          "tags": [
            "release-notes"
          ],
          "url": "https://www.mongodb.com/docs/manual/release-notes/7.0/#7.0.6---feb-28--2024"
        },
        {
          "tags": [
            "release-notes"
          ],
          "url": "https://www.mongodb.com/docs/manual/release-notes/4.4/#4.4.29---february-28--2024"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20240524-0010/"
        }
      ],
      "source": {
        "discovery": "INTERNAL"
      },
      "title": "MongoDB Server may allow successful untrusted connection",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a39b4221-9bd0-4244-95fc-f3e2e07f1deb",
    "assignerShortName": "mongodb",
    "cveId": "CVE-2024-1351",
    "datePublished": "2024-03-07T16:10:19.597Z",
    "dateReserved": "2024-02-08T16:36:39.507Z",
    "dateUpdated": "2025-02-13T17:27:37.200Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-1052 (GCVE-0-2024-1052)

Vulnerability from cvelistv5 – Published: 2024-02-05 20:43 – Updated: 2024-08-01 18:26
VLAI
Title
Boundary Vulnerable to Session Hijacking Through TLS Certificate Tampering
Summary
Boundary and Boundary Enterprise (“Boundary”) is vulnerable to session hijacking through TLS certificate tampering. An attacker with privileges to enumerate active or pending sessions, obtain a private key pertaining to a session, and obtain a valid trust on first use (TOFU) token may craft a TLS certificate to hijack an active session and gain access to the underlying service or application.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-295 - Improper Certificate Validation
Assigner
Impacted products
Vendor Product Version
HashiCorp Boundary Affected: 0.8.0 , < 0.15.0 (semver)
Create a notification for this product.
HashiCorp Boundary Enterprise Affected: 0.8.0 , < 0.15.0 (semver)
Create a notification for this product.
hashicorp boundary Affected: 0.8.0 , < 0.15.0 (semver)
    cpe:2.3:a:hashicorp:boundary:*:*:*:*:*:*:*:*
Create a notification for this product.
hashicorp boundary_enterprise Affected: 0.8.0 , < 0.15.0 (semver)
    cpe:2.3:a:hashicorp:boundary_enterprise:*:*:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:hashicorp:boundary:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "boundary",
            "vendor": "hashicorp",
            "versions": [
              {
                "lessThan": "0.15.0",
                "status": "affected",
                "version": "0.8.0",
                "versionType": "semver"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:hashicorp:boundary_enterprise:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "boundary_enterprise",
            "vendor": "hashicorp",
            "versions": [
              {
                "lessThan": "0.15.0",
                "status": "affected",
                "version": "0.8.0",
                "versionType": "semver"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-1052",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-28T17:48:37.020420Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-28T17:52:35.908Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T18:26:30.420Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://discuss.hashicorp.com/t/hcsec-2024-02-boundary-vulnerable-to-session-hijacking-through-tls-certificate-tampering/62458"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows",
            "MacOS",
            "Linux",
            "x86",
            "ARM",
            "64 bit",
            "32 bit"
          ],
          "product": "Boundary",
          "repo": "https://github.com/hashicorp/boundary",
          "vendor": "HashiCorp",
          "versions": [
            {
              "lessThan": "0.15.0",
              "status": "affected",
              "version": "0.8.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows",
            "MacOS",
            "Linux",
            "x86",
            "ARM",
            "64 bit",
            "32 bit"
          ],
          "product": "Boundary Enterprise",
          "vendor": "HashiCorp",
          "versions": [
            {
              "lessThan": "0.15.0",
              "status": "affected",
              "version": "0.8.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Boundary and Boundary Enterprise (\u201cBoundary\u201d) is vulnerable to session hijacking through TLS certificate tampering. An attacker with privileges to enumerate active or pending sessions, obtain a private key pertaining to a session, and obtain a valid trust on first use (TOFU) token may craft a TLS certificate to hijack an active session and gain access to the underlying service or application."
            }
          ],
          "value": "Boundary and Boundary Enterprise (\u201cBoundary\u201d) is vulnerable to session hijacking through TLS certificate tampering. An attacker with privileges to enumerate active or pending sessions, obtain a private key pertaining to a session, and obtain a valid trust on first use (TOFU) token may craft a TLS certificate to hijack an active session and gain access to the underlying service or application."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-593",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-593 Session Hijacking"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-295",
              "description": "CWE-295 Improper Certificate Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-02-05T20:43:53.939Z",
        "orgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc",
        "shortName": "HashiCorp"
      },
      "references": [
        {
          "url": "https://discuss.hashicorp.com/t/hcsec-2024-02-boundary-vulnerable-to-session-hijacking-through-tls-certificate-tampering/62458"
        }
      ],
      "source": {
        "advisory": "HCSEC-2024-02",
        "discovery": "EXTERNAL"
      },
      "title": "Boundary Vulnerable to Session Hijacking Through TLS Certificate Tampering"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc",
    "assignerShortName": "HashiCorp",
    "cveId": "CVE-2024-1052",
    "datePublished": "2024-02-05T20:43:53.939Z",
    "dateReserved": "2024-01-29T20:35:33.313Z",
    "dateUpdated": "2024-08-01T18:26:30.420Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-51662 (GCVE-0-2023-51662)

Vulnerability from cvelistv5 – Published: 2023-12-22 16:27 – Updated: 2024-08-02 22:40
VLAI
Title
Snowflake Connector .NET does not properly check the Certificate Revocation List (CRL)
Summary
The Snowflake .NET driver provides an interface to the Microsoft .NET open source software framework for developing applications. Snowflake recently received a report about a vulnerability in the Snowflake Connector .NET where the checks against the Certificate Revocation List (CRL) were not performed where the insecureMode flag was set to false, which is the default setting. The vulnerability affects versions between 2.0.25 and 2.1.4 (inclusive). Snowflake fixed the issue in version 2.1.5.
CWE
  • CWE-295 - Improper Certificate Validation
Assigner
References
Impacted products
Vendor Product Version
snowflakedb snowflake-connector-net Affected: >= 2.0.25, <= 2.1.4
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T22:40:34.244Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/snowflakedb/snowflake-connector-net/security/advisories/GHSA-hwcc-4cv8-cf3h",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/snowflakedb/snowflake-connector-net/security/advisories/GHSA-hwcc-4cv8-cf3h"
          },
          {
            "name": "https://docs.snowflake.com/release-notes/clients-drivers/dotnet-2023#version-2-1-5-december-18-2023",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://docs.snowflake.com/release-notes/clients-drivers/dotnet-2023#version-2-1-5-december-18-2023"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "snowflake-connector-net",
          "vendor": "snowflakedb",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 2.0.25, \u003c= 2.1.4"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The Snowflake .NET driver provides an interface to the Microsoft .NET open source software framework for developing applications. Snowflake recently received a report about a vulnerability in the Snowflake Connector .NET where the checks against the Certificate Revocation List (CRL) were not performed where the insecureMode flag was set to false, which is the default setting. The vulnerability affects versions between 2.0.25 and 2.1.4 (inclusive). Snowflake fixed the issue in version 2.1.5."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-295",
              "description": "CWE-295: Improper Certificate Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-12-22T16:27:05.209Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/snowflakedb/snowflake-connector-net/security/advisories/GHSA-hwcc-4cv8-cf3h",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/snowflakedb/snowflake-connector-net/security/advisories/GHSA-hwcc-4cv8-cf3h"
        },
        {
          "name": "https://docs.snowflake.com/release-notes/clients-drivers/dotnet-2023#version-2-1-5-december-18-2023",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://docs.snowflake.com/release-notes/clients-drivers/dotnet-2023#version-2-1-5-december-18-2023"
        }
      ],
      "source": {
        "advisory": "GHSA-hwcc-4cv8-cf3h",
        "discovery": "UNKNOWN"
      },
      "title": "Snowflake Connector .NET does not properly check the Certificate Revocation List (CRL)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2023-51662",
    "datePublished": "2023-12-22T16:27:05.209Z",
    "dateReserved": "2023-12-21T14:14:26.224Z",
    "dateUpdated": "2024-08-02T22:40:34.244Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-51634 (GCVE-0-2023-51634)

Vulnerability from cvelistv5 – Published: 2024-11-22 20:04 – Updated: 2024-12-05 14:49
VLAI
Title
NETGEAR RAX30 Improper Certificate Validation Remote Code Execution Vulnerability
Summary
NETGEAR RAX30 Improper Certificate Validation Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of NETGEAR RAX30 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the downloading of files via HTTPS. The issue results from the lack of proper validation of the certificate presented by the server. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-19589.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-295 - Improper Certificate Validation
Assigner
zdi
References
Impacted products
Vendor Product Version
NETGEAR RAX30 Affected: 1.0.7.78
Create a notification for this product.
netgear rax30_firmware Affected: 1.0.7.78
    cpe:2.3:o:netgear:rax30_firmware:1.0.7.78:*:*:*:*:*:*:*
Create a notification for this product.
Date Public
2024-06-10 17:39
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:netgear:rax30_firmware:1.0.7.78:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "rax30_firmware",
            "vendor": "netgear",
            "versions": [
              {
                "status": "affected",
                "version": "1.0.7.78"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-51634",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-26T15:16:30.530405Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-05T14:49:40.152Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "RAX30",
          "vendor": "NETGEAR",
          "versions": [
            {
              "status": "affected",
              "version": "1.0.7.78"
            }
          ]
        }
      ],
      "dateAssigned": "2023-12-20T22:02:27.472Z",
      "datePublic": "2024-06-10T17:39:01.866Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "NETGEAR RAX30 Improper Certificate Validation Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of NETGEAR RAX30  routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the downloading of files via HTTPS. The issue results from the lack of proper validation of the certificate presented by the server. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-19589."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-295",
              "description": "CWE-295: Improper Certificate Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-22T20:04:58.330Z",
        "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "shortName": "zdi"
      },
      "references": [
        {
          "name": "ZDI-24-583",
          "tags": [
            "x_research-advisory"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-583/"
        },
        {
          "name": "vendor-provided URL",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://kb.netgear.com/000065928/Security-Advisory-for-Multiple-Vulnerabilities-on-the-RAX30-PSV-2023-0139"
        }
      ],
      "source": {
        "lang": "en",
        "value": "Neodyme"
      },
      "title": "NETGEAR RAX30 Improper Certificate Validation Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
    "assignerShortName": "zdi",
    "cveId": "CVE-2023-51634",
    "datePublished": "2024-11-22T20:04:58.330Z",
    "dateReserved": "2023-12-20T21:52:34.963Z",
    "dateUpdated": "2024-12-05T14:49:40.152Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-50949 (GCVE-0-2023-50949)

Vulnerability from cvelistv5 – Published: 2024-04-11 16:54 – Updated: 2024-08-02 22:23
VLAI
Title
IBM QRadar improper certificate validation
Summary
IBM QRadar SIEM 7.5 could allow an unauthorized user to perform unauthorized actions due to improper certificate validation. IBM X-Force ID: 275706.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-295 - Improper Certificate Validation
Assigner
ibm
Impacted products
Vendor Product Version
IBM QRadar SIEM Affected: 7.5
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-50949",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-26T15:37:04.624328Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-26T15:37:11.292Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T22:23:44.080Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/pages/node/7147933"
          },
          {
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/275706"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "QRadar SIEM",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.5"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "IBM QRadar SIEM 7.5 could allow an unauthorized user to perform unauthorized actions due to improper certificate validation.  IBM X-Force ID:  275706."
            }
          ],
          "value": "IBM QRadar SIEM 7.5 could allow an unauthorized user to perform unauthorized actions due to improper certificate validation.  IBM X-Force ID:  275706."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-295",
              "description": "CWE-295 Improper Certificate Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-04-11T16:54:41.741Z",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.ibm.com/support/pages/node/7147933"
        },
        {
          "tags": [
            "vdb-entry"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/275706"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "IBM QRadar improper certificate validation",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2023-50949",
    "datePublished": "2024-04-11T16:54:41.741Z",
    "dateReserved": "2023-12-16T19:35:35.358Z",
    "dateUpdated": "2024-08-02T22:23:44.080Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-50356 (GCVE-0-2023-50356)

Vulnerability from cvelistv5 – Published: 2024-01-31 10:15 – Updated: 2025-06-17 21:29
VLAI
Title
Improper Certificate Validation in AREAL Topkapi Vision (Server)
Summary
SSL connections to some LDAP servers are vulnerable to a man-in-the-middle attack due to improper certificate validation in AREAL Topkapi Vision (Server). This allows a remote unauthenticated attacker to gather sensitive information and prevent valid users from login.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-295 - Improper Certificate Validation
Assigner
Impacted products
Vendor Product Version
AREAL SAS Topkapi Vision (Server) Affected: 0 , ≤ 6.2.4718 (semver)
Create a notification for this product.
Date Public
2024-01-31 10:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T22:16:46.210Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.areal-topkapi.com/en/services/security-bulletins"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-50356",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-01-31T14:50:43.004367Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-17T21:29:19.399Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Topkapi Vision (Server)",
          "vendor": "AREAL SAS",
          "versions": [
            {
              "lessThanOrEqual": "6.2.4718",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2024-01-31T10:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "SSL connections to some LDAP servers are vulnerable to a man-in-the-middle attack due to improper certificate validation in AREAL Topkapi Vision (Server). This allows a remote unauthenticated attacker to gather sensitive information and prevent valid users from login."
            }
          ],
          "value": "SSL connections to some LDAP servers are vulnerable to a man-in-the-middle attack due to improper certificate validation in AREAL Topkapi Vision (Server). This allows a remote unauthenticated attacker to gather sensitive information and prevent valid users from login."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-295",
              "description": "CWE-295 Improper Certificate Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-02-15T10:52:21.178Z",
        "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "shortName": "CERTVDE"
      },
      "references": [
        {
          "url": "https://www.areal-topkapi.com/en/services/security-bulletins"
        }
      ],
      "source": {
        "defect": [
          "CERT@VDE#64643"
        ],
        "discovery": "UNKNOWN"
      },
      "title": "Improper Certificate Validation in AREAL Topkapi Vision (Server)",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
    "assignerShortName": "CERTVDE",
    "cveId": "CVE-2023-50356",
    "datePublished": "2024-01-31T10:15:36.765Z",
    "dateReserved": "2023-12-07T06:35:41.062Z",
    "dateUpdated": "2025-06-17T21:29:19.399Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Mitigation
Architecture and Design Implementation

Certificates should be carefully managed and checked to assure that data are encrypted with the intended owner's public key.

Mitigation
Implementation

If certificate pinning is being used, ensure that all relevant properties of the certificate are fully validated before the certificate is pinned, including the hostname.

CAPEC-459: Creating a Rogue Certification Authority Certificate

An adversary exploits a weakness resulting from using a hashing algorithm with weak collision resistance to generate certificate signing requests (CSR) that contain collision blocks in their "to be signed" parts. The adversary submits one CSR to be signed by a trusted certificate authority then uses the signed blob to make a second certificate appear signed by said certificate authority. Due to the hash collision, both certificates, though different, hash to the same value and so the signed blob works just as well in the second certificate. The net effect is that the adversary's second X.509 certificate, which the Certification Authority has never seen, is now signed and validated by that Certification Authority.

CAPEC-475: Signature Spoofing by Improper Validation

An adversary exploits a cryptographic weakness in the signature verification algorithm implementation to generate a valid signature without knowing the key.