PT-2023-4949 · Certifi+7

Ian Carroll · Published 2023-07-25 · Updated 2025-12-29 · CVE-2023-37920

CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Certifi versions prior to 2023.07.22
Description: The issue concerns the continued recognition of the "e-Tugra" root certificates by Certifi, a collection of root certificates used for validating SSL certificates. e-Tugra's root certificates were placed under investigation because of reported security issues. The underlying weakness is insufficient verification of data authenticity, which could allow a remote attacker to carry out a "man-in-the-middle" attack.
Recommendations: For Certifi versions prior to 2023.07.22, update to version 2023.07.22 or later, which removes the "e-Tugra" root certificates from the root store. As a temporary workaround until the update is applied, disable the use of the "e-Tugra" root certificates.
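Added example (not part of this advisory or of the Certifi project): a defender-side check for the two recommendations above. It compares an installed Certifi version against the 2023.07.22 fix threshold and builds a filtered copy of a Certifi-style `cacert.pem` with every root whose label mentions "e-Tugra" removed, which can be passed as a `cafile` until the update is applied. It assumes Certifi's bundle layout, where each certificate is preceded by `# Issuer:`, `# Subject:` and `# Label: "..."` comment lines; the two sample entries and their PEM bodies are constructed placeholders, not real certificates.

```python
import re
from typing import Iterable, List, Tuple

# Fix threshold from the advisory: certifi 2023.07.22 dropped the e-Tugra roots.
FIXED_VERSION = (2023, 7, 22)
# Substrings matched case-insensitively against each entry's "# Label:" line.
DENY_LIST = ("e-tugra",)

def is_vulnerable_version(version: str) -> bool:
    """certifi versions are dates, YYYY.M.D, with month/day not always zero-padded."""
    parts = tuple(int(p) for p in version.split(".")[:3])
    return parts < FIXED_VERSION

# One bundle entry in certifi's layout: '#' comment lines, then the PEM block.
ENTRY_RE = re.compile(
    r"(?P<header>(?:^#[^\n]*\n)+)"
    r"(?P<pem>-----BEGIN CERTIFICATE-----\n.*?-----END CERTIFICATE-----\n)",
    re.MULTILINE | re.DOTALL,
)
LABEL_RE = re.compile(r'^# Label: "(?P<label>[^"]*)"', re.MULTILINE)

def filter_bundle(bundle_text: str, deny: Iterable[str]) -> Tuple[str, List[str]]:
    """Return (bundle text without denied roots, labels of the roots dropped)."""
    kept, dropped = [], []
    for m in ENTRY_RE.finditer(bundle_text):
        label_m = LABEL_RE.search(m.group("header"))
        label = label_m.group("label") if label_m else "<unlabelled>"
        if any(d.lower() in label.lower() for d in deny):
            dropped.append(label)
        else:
            kept.append(m.group(0))
    return "\n".join(kept), dropped

# Constructed two-entry bundle; the base64 bodies are placeholders, not real certs.
SAMPLE_BUNDLE = """\
# Issuer: CN=Example Root CA O=Example Org
# Subject: CN=Example Root CA O=Example Org
# Label: "Example Root CA"
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQgUExBQ0VIT0xERVI=
-----END CERTIFICATE-----

# Issuer: CN=E-Tugra Certification Authority
# Subject: CN=E-Tugra Certification Authority
# Label: "E-Tugra Certification Authority"
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQgUExBQ0VIT0xERVI=
-----END CERTIFICATE-----
"""
```

Against a real installation, read the text of the file returned by `certifi.where()` into `filter_bundle`, write the kept entries to a new file, and point `ssl.create_default_context(cafile=...)` or `REQUESTS_CA_BUNDLE` at it.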


Weakness Enumeration

Insufficient Verification of Data Authenticity

Related Identifiers

ALSA-2023:7753
ALSA-2024:0133
ALT-PU-2024-17376
ALT-PU-2024-17878
ALT-PU-2025-6576
AZL-35126
BDU:2023-05463
CESA-2024_0133
CVE-2023-37920
ECHO-DF75-5B71-A4BE
GHSA-XQR8-7JWR-RHP7
INFBA-2024_5691
INFBA-2024_5736
OESA-2023-1457
PYSEC-2023-135
RHSA-2023:6812
RHSA-2023:7378
RHSA-2023:7385
RHSA-2023:7407
RHSA-2023:7435
RHSA-2023:7523
RHSA-2023:7528
RHSA-2023:7753
RHSA-2023_7753
RHSA-2024:0133
RHSA-2024_0133

Affected Products

Alt Linux
Almalinux
Centos
Certifi
Debian
Ibm Aix
Red Hat
Red Os